NVD Vulnerability Information Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

Update Date:June 25, 2026, 4:04 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
342601 6.8 MEDIUM
verosky_media instant_photo_gallery SQL injection vulnerability in portfolio_photo_popup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not clea… NVD-CWE-Other
CVE-2006-2080 2018-10-19 01:38 2006-04-28 Show GitHub Exploit DB Packet Storm
342602 4.6 MEDIUM
oracle database_server Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. NOTE: this issue was original… NVD-CWE-Other
CVE-2006-2081 2018-10-19 01:38 2006-04-28 Show GitHub Exploit DB Packet Storm
342603 7.5 HIGH
id_software quake_3_engine Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when t… NVD-CWE-Other
CVE-2006-2082 2018-10-19 01:38 2006-05-10 Show GitHub Exploit DB Packet Storm
342604 7.5 HIGH
id_software quake_3_engine id Software has released patches to address this and other issues. NVD-CWE-Other
CVE-2006-2082 2018-10-19 01:38 2006-05-10 Show GitHub Exploit DB Packet Storm
342605 4.3 MEDIUM
farsinews farsinews Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) i… CWE-79
Cross-site Scripting 		CVE-2006-2084 2018-10-19 01:38 2006-04-29 Show GitHub Exploit DB Packet Storm
342606 5.1 MEDIUM
speedproject speedcommander
squeez 		Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in SpeedProject Squeez 5.10 Build 4460, and SpeedCommander 10.52 Build 4450 and 11.01 Build 4450, allow user-assisted remote attacker… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2006-2085 2018-10-19 01:38 2006-04-29 Show GitHub Exploit DB Packet Storm
342607 7.5 HIGH
juniper junipersetup_control Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1… NVD-CWE-Other
CVE-2006-2086 2018-10-19 01:38 2006-04-29 Show GitHub Exploit DB Packet Storm
342608 4.3 MEDIUM
devsyn open_bulletin_board Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bulletin Board (OpenBB) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via (1) the FID parameter in board.php a… NVD-CWE-Other
CVE-2006-2088 2018-10-19 01:38 2006-04-29 Show GitHub Exploit DB Packet Storm
342609 4.3 MEDIUM
mysmartbb mysmartbb Multiple cross-site scripting (XSS) vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) username parameters. NVD-CWE-Other
CVE-2006-2089 2018-10-19 01:38 2006-04-29 Show GitHub Exploit DB Packet Storm
342610 7.5 HIGH
mysmartbb mysmartbb Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) username parameters. CWE-89
SQL Injection 		CVE-2006-2090 2018-10-19 01:38 2006-04-29 Show GitHub Exploit DB Packet Storm
342611 5.0 MEDIUM
vwar virtual_war admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid vwar_root parameter, which reveals the path in an error message. NVD-CWE-Other
CVE-2006-2091 2018-10-19 01:38 2006-04-29 Show GitHub Exploit DB Packet Storm
342612 2.6 LOW
nessus nessus Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a … CWE-399
 Resource Management Errors 		CVE-2006-2093 2018-10-19 01:38 2006-04-29 Show GitHub Exploit DB Packet Storm
342613 5.0 MEDIUM
neocrome land_down_under plug.php in Land Down Under (LDU) 802 and earlier allows remote attackers to obtain sensitive information via an invalid (1) month or (2) year parameter, which reveals the path in an error message. NVD-CWE-Other
CVE-2006-2096 2018-10-19 01:38 2006-04-29 Show GitHub Exploit DB Packet Storm
342614 7.5 HIGH
invision_power_services invision_power_board SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM). NVD-CWE-Other
CVE-2006-2097 2018-10-19 01:38 2006-04-29 Show GitHub Exploit DB Packet Storm
342615 5.0 MEDIUM
ezb_systems ultraiso Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. NVD-CWE-Other
CVE-2006-2099 2018-10-19 01:38 2006-04-29 Show GitHub Exploit DB Packet Storm
342616 7.8 HIGH
magic_iso_maker magic_iso_maker Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. NVD-CWE-Other
CVE-2006-2100 2018-10-19 01:38 2006-04-29 Show GitHub Exploit DB Packet Storm
342617 5.0 MEDIUM
winiso_computing winiso Directory traversal vulnerability in WinISO 5.3 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. NVD-CWE-Other
CVE-2006-2101 2018-10-19 01:38 2006-04-29 Show GitHub Exploit DB Packet Storm
342618 7.8 HIGH
poweriso poweriso Directory traversal vulnerability in PowerISO 2.9 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. NVD-CWE-Other
CVE-2006-2102 2018-10-19 01:38 2006-04-29 Show GitHub Exploit DB Packet Storm
342619 2.1 LOW
mybulletinboard mybulletinboard SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/… CWE-89
SQL Injection 		CVE-2006-2103 2018-10-19 01:38 2006-04-29 Show GitHub Exploit DB Packet Storm
342620 2.1 LOW
mybulletinboard mybulletinboard Successful exploitation requires access to the admin section. CWE-89
SQL Injection 		CVE-2006-2103 2018-10-19 01:38 2006-04-29 Show GitHub Exploit DB Packet Storm
342621 7.5 HIGH
bl4 smtp_server Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the (1) EHLO, (2) MAIL FROM, and (3)… NVD-CWE-Other
CVE-2006-2107 2018-10-19 01:38 2006-04-29 Show GitHub Exploit DB Packet Storm
342622 6.8 MEDIUM
jsboard jsboard Cross-site scripting (XSS) vulnerability in the parse_query_str function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to injec… NVD-CWE-Other
CVE-2006-2109 2018-10-19 01:38 2006-05-2 Show GitHub Exploit DB Packet Storm
342623 6.8 MEDIUM
jsboard jsboard This vulnerability is addressed in the following product release: JSBoard, JSBoard, 2.0.12 NVD-CWE-Other
CVE-2006-2109 2018-10-19 01:38 2006-05-2 Show GitHub Exploit DB Packet Storm
342624 4.3 MEDIUM
microsoft outlook_express A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported … CWE-200
Information Exposure 		CVE-2006-2111 2018-10-19 01:38 2006-05-2 Show GitHub Exploit DB Packet Storm
342625 7.5 HIGH
dell
fuji_xerox 		3000cn
3010cn
3100cn
3110cn
5100cn
5110cn
docuprint_181
docuprint_181_network_option_card
docuprint_211
docuprint_211_network_option_card
docuprint_c1616
docuprint_c1… 		Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware be… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2006-2112 2018-10-19 01:38 2006-08-25 Show GitHub Exploit DB Packet Storm
342626 6.4 MEDIUM
dell
fuji_xerox 		3000cn
3010cn
3100cn
3110cn
5100cn
5110cn
docuprint_181
docuprint_181_network_option_card
docuprint_211
docuprint_211_network_option_card
docuprint_c1616
docuprint_c1… 		The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Net… CWE-287
Improper Authentication 		CVE-2006-2113 2018-10-19 01:38 2006-08-25 Show GitHub Exploit DB Packet Storm
342627 7.5 HIGH
sws sws_simple_web_server Buffer overflow in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via a long request. NVD-CWE-Other
CVE-2006-2114 2018-10-19 01:38 2006-05-2 Show GitHub Exploit DB Packet Storm
342628 7.5 HIGH
sws sws_simple_web_server Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call. NVD-CWE-Other
CVE-2006-2115 2018-10-19 01:38 2006-05-2 Show GitHub Exploit DB Packet Storm
342629 7.5 HIGH
planet_concept planetgallery planetGallery allows remote attackers to gain administrator privileges via a direct request to admin/gallery_admin.php. NVD-CWE-Other
CVE-2006-2116 2018-10-19 01:38 2006-05-2 Show GitHub Exploit DB Packet Storm
342630 4.3 MEDIUM
extrosoft thyme Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page. NVD-CWE-Other
CVE-2006-2117 2018-10-19 01:38 2006-05-2 Show GitHub Exploit DB Packet Storm
342631 7.5 HIGH
jmk_web_scripts jmk_picture_gallery JMK's Picture Gallery allows remote attackers to bypass authentication via a direct request to admin_gallery.php3, possibly related to the add action. NVD-CWE-Other
CVE-2006-2118 2018-10-19 01:38 2006-05-2 Show GitHub Exploit DB Packet Storm
342632 5.0 MEDIUM
artmedic_webdesign artmedic_event PHP remote file inclusion vulnerability in event/index.php in Artmedic Event allows remote attackers to execute arbitrary code via a URL in the page parameter. NVD-CWE-Other
CVE-2006-2119 2018-10-19 01:38 2006-05-2 Show GitHub Exploit DB Packet Storm
342633 5.0 MEDIUM
i-rater i-rater_platinum PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a … NVD-CWE-Other
CVE-2006-2121 2018-10-19 01:38 2006-05-2 Show GitHub Exploit DB Packet Storm
342634 6.8 MEDIUM
coolmenus coolmenus PHP remote file inclusion vulnerability in index.php in CoolMenus allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: the original report for this issue is proba… CWE-94
Code Injection 		CVE-2006-2122 2018-10-19 01:38 2006-05-2 Show GitHub Exploit DB Packet Storm
342635 6.4 MEDIUM
blog_mod blog_mod SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter. NVD-CWE-Other
CVE-2006-2127 2018-10-19 01:38 2006-05-2 Show GitHub Exploit DB Packet Storm
342636 7.5 HIGH
deltascripts pro_publish Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str pa… CWE-89
SQL Injection 		CVE-2006-2128 2018-10-19 01:38 2006-05-2 Show GitHub Exploit DB Packet Storm
342637 4.3 MEDIUM
neomail neomail Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter. NVD-CWE-Other
CVE-2006-2138 2018-10-19 01:38 2006-05-2 Show GitHub Exploit DB Packet Storm
342638 6.4 MEDIUM
limbo_cms limbo_cms PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter. NVD-CWE-Other
CVE-2006-2142 2018-10-19 01:38 2006-05-2 Show GitHub Exploit DB Packet Storm
342639 4.3 MEDIUM
jcink textfilebb Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) color, (2… NVD-CWE-Other
CVE-2006-2143 2018-10-19 01:38 2006-05-2 Show GitHub Exploit DB Packet Storm
342640 6.4 MEDIUM
dmcounter dmcounter PHP remote file inclusion vulnerability in kopf.php in DMCounter 0.9.2-b allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter. NVD-CWE-Other
CVE-2006-2144 2018-10-19 01:38 2006-05-2 Show GitHub Exploit DB Packet Storm
342641 6.4 MEDIUM
phpbb_group phpbb_toplist PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter. NVD-CWE-Other
CVE-2006-2150 2018-10-19 01:38 2006-05-3 Show GitHub Exploit DB Packet Storm
342642 4.3 MEDIUM
jbmc_software directadmin Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter. NVD-CWE-Other
CVE-2006-2153 2018-10-19 01:38 2006-05-3 Show GitHub Exploit DB Packet Storm
342643 6.4 MEDIUM
x7_group x7_chat Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter. NVD-CWE-Other
CVE-2006-2156 2018-10-19 01:38 2006-05-3 Show GitHub Exploit DB Packet Storm
342644 5.0 MEDIUM
russcom_network loginphp CRLF injection vulnerability in help.php in Russcom Network Loginphp allows remote attackers to spoof e-mails and inject MIME headers via CRLF sequences in the email address. NVD-CWE-Other
CVE-2006-2159 2018-10-19 01:38 2006-05-3 Show GitHub Exploit DB Packet Storm
342645 4.3 MEDIUM
russcom_network loginphp Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp (Russcom.Loginphp) allows remote attackers to inject arbitrary web script or HTML via the username field when registering. NVD-CWE-Other
CVE-2006-2160 2018-10-19 01:38 2006-05-3 Show GitHub Exploit DB Packet Storm
342646 5.1 MEDIUM
cam_development
erik_dienske
roger_aelbrecht 		cam_unzip
abakt
tzipbuilder 		Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and 0.9.3-beta1, (3) CAM UnZip 4.0 and 4.3, and possibly other products, allows user-assisted attackers to execute arbitrary code via a … NVD-CWE-Other
CVE-2006-2161 2018-10-19 01:38 2006-05-9 Show GitHub Exploit DB Packet Storm
342647 4.3 MEDIUM
sloughflash sf-users Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain… NVD-CWE-Other
CVE-2006-2167 2018-10-19 01:38 2006-05-4 Show GitHub Exploit DB Packet Storm
342648 7.5 HIGH
fileprotection_express fileprotection_express FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1. NVD-CWE-Other
CVE-2006-2168 2018-10-19 01:38 2006-05-4 Show GitHub Exploit DB Packet Storm
342649 7.5 HIGH
gene6 g6_ftp_server Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to (1) MKD or (2) XMKD, as… NVD-CWE-Other
CVE-2006-2172 2018-10-19 01:38 2006-05-4 Show GitHub Exploit DB Packet Storm
342650 6.4 MEDIUM
ftrainsoft fast_click PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php. NVD-CWE-Other
CVE-2006-2175 2018-10-19 01:38 2006-05-4 Show GitHub Exploit DB Packet Storm