Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1923 1 Linpha 1 Linpha 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors.
CVE-2006-1924 1 Linpha 1 Linpha 2026-04-16 N/A
SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2006-2202 1 Invision Power Services 1 Invision Gallery 2026-04-16 N/A
SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter.
CVE-2006-2205 1 Netbsd 1 Netbsd 2026-04-16 N/A
The audio_write function in NetBSD 3.0 allows local users to cause a denial of service (kernel crash) by using the audiosetinfo ioctl to change the sample rate of an audio device.
CVE-2006-2206 1 Ultravnc 1 Ultravnc 2026-04-16 N/A
The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords.
CVE-2006-2208 1 Planetluc 1 Mynews 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php in MyNews 1.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) hash and (2) page parameters.
CVE-2006-2209 1 Php Arena 1 Pacheckbook 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in PHP Arena paCheckBook 1.1 allow remote attackers to execute arbitrary SQL commands via (1) the transtype parameter in an add action or (2) entry parameter in an edit action. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2211 1 321soft 1 Php-gallery 2026-04-16 N/A
Absolute path traversal vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to browse arbitrary directories via the path parameter.
CVE-2006-2213 1 Hostapd 1 Hostapd 2026-04-16 N/A
Hostapd 0.3.7-2 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame.
CVE-2006-2214 1 4images 1 Image Gallery Management System 2026-04-16 N/A
Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in (1) top.php and (2) member.php. NOTE: this issue has also been reported to affect 1.7.2.
CVE-2006-2216 1 Devsyn 1 Open Bulletin Board 2026-04-16 N/A
Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain the full path of the web server via an invalid pforums parameter to (1) misc.php and (2) member.php.
CVE-2006-2217 1 Invision Power Services 1 Invision Power Board 2026-04-16 N/A
SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2222 1 Norz 1 Zawhttpd 2026-04-16 N/A
Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several "\" (backslash) characters.
CVE-2006-2225 1 Dxmsoft 1 Xm Easy Personal Ftp Server 2026-04-16 N/A
Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username.
CVE-2006-2226 1 Dxmsoft 1 Xm Easy Personal Ftp Server 2026-04-16 N/A
Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command.
CVE-2006-2227 1 Punbb 1 Punbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url parameter is not sanitized.
CVE-2006-2230 1 Xine 1 Xine 2026-04-16 N/A
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.
CVE-2006-2231 1 Big Webmaster 1 Big Webmaster Guestbook Script 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in Big Webmaster Guestbook Script 1.02 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) site, (3) city, (4) state, (5) country, and possibly (6) name fields, which are viewed via viewguest.cgi.
CVE-2006-2232 1 Scriptsez 1 Cute Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook.
CVE-2006-2233 1 Banktown 1 Btcxctl20com Activex Control 2026-04-16 N/A
Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl. NOTE: portions of these details are obtained from third party information.