Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3197 1 Invision Power Services 1 Invision Power Board 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML.
CVE-2006-3202 1 Netbsd 1 Netbsd 2026-04-16 N/A
The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain configurations, does not check to see if IPv4-mapped sockets are being used before processing IPv6 socket options, which allows local users to cause a denial of service (crash) by creating an IPv4-mapped IPv6 socket with the SO_TIMESTAMP socket option set, then sending an IPv4 packet through the socket.
CVE-2006-0756 1 Dotproject 1 Dotproject 2026-04-16 N/A
dotProject 2.0.1 and earlier leaves (1) phpinfo.php and (2) check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration information. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php
CVE-2006-0763 1 Cpanel 1 Cpanel 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter.
CVE-2006-3256 1 Woltlab 1 Burning Board 2026-04-16 N/A
SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
CVE-2006-0900 1 Freebsd 1 Freebsd 2026-04-16 N/A
nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite.
CVE-2006-0906 1 Top Line 1 D3jeeb Pro 2026-04-16 N/A
SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to execute arbitrary SQL commands via the catid parameter in (1) fastlinks.php and (2) catogary.php.
CVE-2006-0908 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter.
CVE-2006-0912 1 Oreka 1 Oreka 2026-04-16 N/A
Oreka before 0.5 allows remote attackers to cause a denial of service (application crash) via a "certain RTP sequence."
CVE-2006-0939 1 Dci-designs 1 Dci-taskeen 2026-04-16 N/A
SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attackers to execute arbitrary SQL commands via the (1) id or (2) action parameter to (a) basket.php, or (3) id or (4) page parameter to (b) cat.php.
CVE-2006-0943 1 Pwsphp 1 Pwsphp 2026-04-16 N/A
SQL injection vulnerability in the sondages module in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2006-0927 2 Jgs-xa, Woltlab 2 Jgs-gallery Addon, Burning Board 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board (wBB) 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) userid parameter in (a) jgs_galerie_slideshow.php and (b) jgs_galerie_scroll.php, and the (2) katid parameter in (c) jgs_galerie_slideshow.php.
CVE-2006-0947 1 Thomson 1 Speedtouch 2026-04-16 N/A
Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface.
CVE-2006-0928 1 Argosoft 1 Argosoft Mail Server 2026-04-16 N/A
The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote attackers to obtain sensitive information via the _DUMP command, which reveals the operating system, registered user, and registration code.
CVE-2006-0949 1 Raidenhttpd 1 Raidenhttpd 2026-04-16 N/A
RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters.
CVE-2006-0951 1 Eset Software 1 Nod32 Antivirus 2026-04-16 N/A
The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the scheduler runs a scheduled on-demand scan, which allows local users to execute arbitrary code during a scheduled scan via unspecified attack vectors.
CVE-2006-0936 1 Free Host Shop 1 Website Generator 2026-04-16 N/A
Free Host Shop Website Generator 3.3 allows remote authenticated users with administrative privileges to upload and execute arbitrary files via a formname parameter with a filename containing a dangerous file extension and a trailing %00.
CVE-2006-3308 1 Zoid Technologies 1 Project Eros Bbsengine 2026-04-16 N/A
Unspecified vulnerability in the wpprop code for Project EROS bbsengine before 20060622-0315 has unknown impact and remote attack vectors via [img] tags, possibly cross-site scripting (XSS).
CVE-2006-1089 1 Punbb 1 Punbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag.
CVE-2006-1093 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed.