Total
29909 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2667 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. | ||||
| CVE-2006-2675 | 1 Ubbcentral | 1 Ubb.threads | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the (1) thispath or (2) configdir parameters. | ||||
| CVE-2006-2687 | 1 Agtc Websolutions | 1 Php-agtc Membership System | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address (useremail parameter). | ||||
| CVE-2006-2697 | 1 Easy-content Forums | 1 Easy-content Forums | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) startletter parameter in userview.asp and the (2) forumname parameter in topics.asp. | ||||
| CVE-2006-2704 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2026-04-16 | N/A |
| Secure Elements Class 5 AVR server and client (aka C5 EVM) before 2.8.1 send messages in cleartext, which allows remote attackers to read sensitive vulnerability information. | ||||
| CVE-2006-2705 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2026-04-16 | N/A |
| Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause an unspecified denial of service via a large number of forged client registration messages. | ||||
| CVE-2006-2707 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2026-04-16 | N/A |
| Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not validate the peer certificate when obtaining an update, which could allow remote attackers to distribute malicious updates to clients. | ||||
| CVE-2006-2709 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2026-04-16 | N/A |
| Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 do not validate the source address of a message, which allows remote attackers to (1) execute arbitrary code on a client or (2) forge messages to the server. | ||||
| CVE-2006-2714 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2026-04-16 | N/A |
| Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not validate the CEID of an incoming message, which allows remote attackers to send messages to a protected asset without knowing the proper CEID. | ||||
| CVE-2006-2717 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2026-04-16 | N/A |
| Unspecified vulnerability in Secure Elements Class 5 AVR client and server (aka C5 EVM) before 2.8.1 allows authenticated attackers to overwrite arbitrary files (1) on a server during an update or (2) on a client via modified pathnames, possibly due to a directory traversal issue. | ||||
| CVE-2006-2732 | 1 Mini-nuke | 1 Mini-nuke | 2026-04-16 | N/A |
| SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) yas_1, (2) yas_2, and (3) yas_3 parameters. | ||||
| CVE-2006-2733 | 1 Mini-nuke | 1 Mini-nuke | 2026-04-16 | N/A |
| membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts. | ||||
| CVE-2006-2738 | 1 Open-xchange | 1 Open-xchange | 2026-04-16 | N/A |
| The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed. | ||||
| CVE-2006-2750 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message. | ||||
| CVE-2006-2753 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2026-04-16 | N/A |
| SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input. | ||||
| CVE-2006-2756 | 1 Eitsop | 1 My Web Server | 2026-04-16 | N/A |
| Eitsop My Web Server 1.0 allows remote attackers to cause a denial of service (application crash) via a long GET request. NOTE: CVE analysis suggests that this is a different product, and therefore a different vulnerability, than CVE-2002-1897. | ||||
| CVE-2006-2762 | 1 Webcalendar | 1 Webcalendar | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call. | ||||
| CVE-2006-2771 | 1 Hogstorps | 1 Hogstorp Guestbook | 2026-04-16 | N/A |
| admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter. | ||||
| CVE-2006-2787 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2026-04-16 | N/A |
| EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox. | ||||
| CVE-2006-2790 | 1 Sun | 1 Storage Automated Diagnostic Environment | 2026-04-16 | N/A |
| A package component in Sun Storage Automated Diagnostic Environment (StorADE) 2.4 uses world-writable permissions for certain critical files and directories, which allows local users to gain privileges. | ||||