Search Results (363078 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2140 1 Orbitscripts 1 Orbithyip 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php.
CVE-2006-2141 1 Collaborative Portal Server Project 1 Collaborative Portal Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in popup_image in Collaborative Portal Server (CPS) 3.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the pos argument.
CVE-2006-2142 1 Limbo Cms 1 Limbo Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter.
CVE-2006-2143 1 Jcink 1 Textfilebb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) color, (2) size, or (3) url bbcode tags.
CVE-2006-2144 1 Dmcounter 1 Dmcounter 2026-04-16 N/A
PHP remote file inclusion vulnerability in kopf.php in DMCounter 0.9.2-b allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
CVE-2006-2145 1 Harold Bakker 1 Hb-ns 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) topic or (2) id parameter.
CVE-2000-1038 1 Ibm 1 As400 Firewall 2026-04-16 N/A
The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request.
CVE-2006-2160 1 Russcom Network 1 Loginphp 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp (Russcom.Loginphp) allows remote attackers to inject arbitrary web script or HTML via the username field when registering.
CVE-2006-2162 1 Nagios 1 Nagios 2026-04-16 N/A
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header.
CVE-2006-2288 1 Avahi 1 Avahi 2026-04-16 N/A
Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via unspecified mDNS name conflicts.
CVE-2000-1039 1 Microsoft 5 Windows 95, Windows 98, Windows 98se and 2 more 2026-04-16 N/A
Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. NOTE: this candidate may change significantly as the security community discusses the technical nature of NAPTHA and learns more about the affected applications. This candidate is at a higher level of abstraction than is typical for CVE.
CVE-2006-2165 1 Pentasoft Corp. 1 Avactis Shopping Cart 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php and (2) prod_id parameter in (c) product_info.php. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2166 1 Cisco 2 Unity Express, Unity Express Software 2026-04-16 N/A
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
CVE-2006-2167 1 Sloughflash 1 Sf-users 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element.
CVE-2006-2168 1 Fileprotection Express 1 Fileprotection Express 2026-04-16 N/A
FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1.
CVE-2006-2169 1 Best Practical Solutions 1 Request Tracker 2026-04-16 N/A
RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message.
CVE-2006-2170 1 Argosoft 1 Ftp Server 2026-04-16 N/A
Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer.
CVE-2006-2174 1 Virtual Hosting Control System 1 Virtual Hosting Control System 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter.
CVE-2006-2175 1 Ftrainsoft 1 Fast Click 2026-04-16 N/A
PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php.
CVE-2006-2176 1 Php Design X 1 Php Linkliste 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in links.php in PHP Linkliste 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) new_input, (2) new_url, or (3) new_name parameter.