NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 23, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
342751	5.1	MEDIUM	k-meleon_project mozilla netscape	k-meleon firefox navigator	Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an …	NVD-CWE-Other	CVE-2006-1942	2018-10-19 01:37	2006-04-21	Show	GitHub Exploit DB Packet Storm

342752	5.0	MEDIUM	solarwinds	tftp_server	Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and earlier allows remote attackers to download arbitrary files via a crafted GET request including "....//" sequences, which are colla…	NVD-CWE-Other	CVE-2006-1951	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342753	7.8	HIGH	caucho_technology	resin	Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 for Windows allows remote attackers to read arbitrary files via a "C:%5C" (encoded drive letter) in a URL.	NVD-CWE-Other	CVE-2006-1953	2018-10-19 01:37	2006-05-17	Show	GitHub Exploit DB Packet Storm

342754	7.8	HIGH	caucho_technology	resin	This vulnerability is addressed in the following product release: Caucho Technology, Resin, 3.0.19 The following product releases are not vulnerable: Caucho Technology, Resin, 3.0.16 Caucho T…	NVD-CWE-Other	CVE-2006-1953	2018-10-19 01:37	2006-05-17	Show	GitHub Exploit DB Packet Storm

342755	6.4	MEDIUM	wired_community_software	wwwthreads	Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote attackers to execute arbitrary SQL commands via (1) the forumreferrer cookie to register.php and (2) the messages parameter in m…	NVD-CWE-Other	CVE-2006-1958	2018-10-19 01:37	2006-04-21	Show	GitHub Exploit DB Packet Storm

342756	7.5	HIGH	actualscripts	actualanalyzer	PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbi…	NVD-CWE-Other	CVE-2006-1959	2018-10-19 01:37	2006-04-21	Show	GitHub Exploit DB Packet Storm

342757	5.8	MEDIUM	cisco	wireless_lan_solution_engine	Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arb…	NVD-CWE-Other	CVE-2006-1960	2018-10-19 01:37	2006-04-21	Show	GitHub Exploit DB Packet Storm

342758	7.5	HIGH	cisco	user_registration_tool wireless_lan_solution_engine ciscoworks_2000_service_management_solution hosting_solution_engine ethernet_subscriber_solution_engine	Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscri…	NVD-CWE-Other	CVE-2006-1961	2018-10-19 01:37	2006-04-21	Show	GitHub Exploit DB Packet Storm

342759	7.5	HIGH	pcpin	pcpin_chat	SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php.	CWE-89 SQL Injection	CVE-2006-1962	2018-10-19 01:37	2006-04-21	Show	GitHub Exploit DB Packet Storm

342760	5.5	MEDIUM	pcpin	pcpin_chat	Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as…	NVD-CWE-Other	CVE-2006-1963	2018-10-19 01:37	2006-04-21	Show	GitHub Exploit DB Packet Storm

342761	7.5	HIGH	aspsitem	aspsitem	SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.	NVD-CWE-Other	CVE-2006-1964	2018-10-19 01:37	2006-04-21	Show	GitHub Exploit DB Packet Storm

342762	5.0	MEDIUM	fortinet	fortinet28	An unspecified Fortinet product, possibly Fortinet28, allows remote attackers to cause a denial of service via a "small synflood" to the SMTP port (TCP port 25), as demonstrated by a 10-microsecond w…	NVD-CWE-Other	CVE-2006-1966	2018-10-19 01:37	2006-04-21	Show	GitHub Exploit DB Packet Storm

342763	4.3	MEDIUM	krankikom	contentboxx	Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM ContentBoxX allows remote attackers to inject arbitrary web script or HTML via the action parameter.	NVD-CWE-Other	CVE-2006-1971	2018-10-19 01:37	2006-04-21	Show	GitHub Exploit DB Packet Storm

342764	4.3	MEDIUM	wingnut	easygallery	Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut EasyGallery allows remote attackers to inject arbitrary web script or HTML via the ordner parameter.	NVD-CWE-Other	CVE-2006-1972	2018-10-19 01:37	2006-04-21	Show	GitHub Exploit DB Packet Storm

342765	5.8	MEDIUM	flexbb	flexbb	Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) message parameters.	NVD-CWE-Other	CVE-2006-1977	2018-10-19 01:37	2006-04-22	Show	GitHub Exploit DB Packet Storm

342766	7.5	HIGH	flexbb	flexbb	SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_username COOKIE parameter.	CWE-89 SQL Injection	CVE-2006-1978	2018-10-19 01:37	2006-04-22	Show	GitHub Exploit DB Packet Storm

342767	5.8	MEDIUM	manic_web	mwguest	Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web MWGuest 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter.	NVD-CWE-Other	CVE-2006-1979	2018-10-19 01:37	2006-04-22	Show	GitHub Exploit DB Packet Storm

342768	5.0	MEDIUM	php	php	Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to …	NVD-CWE-Other	CVE-2006-1990	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342769	5.1	MEDIUM	mozilla	firefox	Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by th…	CWE-399 Resource Management Errors	CVE-2006-1993	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342770	5.0	MEDIUM	scry_gallery	scry_gallery	Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtr…	NVD-CWE-Other	CVE-2006-1995	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342771	5.0	MEDIUM	scry_gallery	scry_gallery	Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message.	NVD-CWE-Other	CVE-2006-1996	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342772	2.1	LOW	openttd	openttd	OpenTTD 0.4.7 and earlier allows local users to cause a denial of service (application exit) via a large invalid error number, which triggers an error.	NVD-CWE-Other	CVE-2006-1998	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342773	5.0	MEDIUM	openttd	openttd	The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause a denial of service via a UDP packet with an incorrect size, which causes the client to return to the main menu.	NVD-CWE-Other	CVE-2006-1999	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342774	4.3	MEDIUM	scry_gallery	scry_gallery	Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability …	NVD-CWE-Other	CVE-2006-2001	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342775	5.0	MEDIUM	mygamingladder	mygamingladder	PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir[base] parameter.	NVD-CWE-Other	CVE-2006-2002	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342776	5.0	MEDIUM	mygamingladder	mygamingladder	Successful exploitation requires that "register_globals" is enabled.	NVD-CWE-Other	CVE-2006-2002	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342777	7.5	HIGH	michael_romedahl	ri_blog	Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL command via the (1) username or (2) password fields.	NVD-CWE-Other	CVE-2006-2004	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342778	7.5	HIGH	clansys	clansys	Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that…	NVD-CWE-Other	CVE-2006-2005	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342779	7.5	HIGH	phpmyagenda	phpmyagenda	PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda 3.0 Final and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter.	NVD-CWE-Other	CVE-2006-2009	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342780	7.5	HIGH	paras_chopra	bloggage	Multiple SQL injection vulnerabilities in check_login.asp in Bloggage allow remote attackers to execute arbitrary SQL commands via the (1) acc_name and (2) password parameter.	NVD-CWE-Other	CVE-2006-2010	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342781	2.6	LOW	4homepages	4images	Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickname, probably involving the user_name par…	NVD-CWE-Other	CVE-2006-2011	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342782	5.0	MEDIUM	skulltag_team	skulltag	Format string vulnerability in Skulltag 0.96f and earlier allows remote attackers to cause a denial of service via the version string.	NVD-CWE-Other	CVE-2006-2012	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342783	7.5	HIGH	jelsoft	vbulletin	SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by th…	NVD-CWE-Other	CVE-2006-2018	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342784	7.5	HIGH	jelsoft	vbulletin	This vulnerability has been disputed by the vendor. The affected version has been disputed by the vendor via e-mail to CVE. It appears that this is the same issue as CVE-2004-0036, which was fixed …	NVD-CWE-Other	CVE-2006-2018	2018-10-19 01:37	2006-04-25	Show	GitHub Exploit DB Packet Storm

342785	5.0	MEDIUM	apple	safari	Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan at…	NVD-CWE-Other	CVE-2006-2019	2018-10-19 01:37	2006-04-26	Show	GitHub Exploit DB Packet Storm

342786	7.8	HIGH	asteriskathome	asteriskathome	Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obta…	NVD-CWE-Other	CVE-2006-2020	2018-10-19 01:37	2006-04-26	Show	GitHub Exploit DB Packet Storm

342787	7.8	HIGH	asteriskathome	asteriskathome	This vulnerability is addressed in the following product releases: Littlejohn Consulting, Asterisk Recording Interface, 0.10.00 and higher	NVD-CWE-Other	CVE-2006-2020	2018-10-19 01:37	2006-04-26	Show	GitHub Exploit DB Packet Storm

342788	5.0	MEDIUM	asteriskathome	asteriskathome	Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, W…	NVD-CWE-Other	CVE-2006-2021	2018-10-19 01:37	2006-04-26	Show	GitHub Exploit DB Packet Storm

342789	5.0	MEDIUM	asteriskathome	asteriskathome	This vulnerability is addressed in the following product release: Asterisk@Home, Asterisk@Home, 2.8	NVD-CWE-Other	CVE-2006-2021	2018-10-19 01:37	2006-04-26	Show	GitHub Exploit DB Packet Storm

342790	7.5	HIGH	ls3	fenice	Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL.	NVD-CWE-Other	CVE-2006-2022	2018-10-19 01:37	2006-04-26	Show	GitHub Exploit DB Packet Storm

342791	5.0	MEDIUM	ls3	fenice	Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c in Fenice 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a large HTTP Content-Lengt…	NVD-CWE-Other	CVE-2006-2023	2018-10-19 01:37	2006-04-26	Show	GitHub Exploit DB Packet Storm

342792	6.5	MEDIUM	pablo_software_solutions	quick_n_easy_ftp_server	Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Easy FTP Server Professional and Lite, probably 3.0, allows remote authenticated users to execu…	NVD-CWE-Other	CVE-2006-2027	2018-10-19 01:37	2006-04-26	Show	GitHub Exploit DB Packet Storm

342793	5.8	MEDIUM	simplog	simplog	Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter. NOTE…	NVD-CWE-Other	CVE-2006-2028	2018-10-19 01:37	2006-04-26	Show	GitHub Exploit DB Packet Storm

342794	6.4	MEDIUM	simplog	simplog	Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid,…	NVD-CWE-Other	CVE-2006-2029	2018-10-19 01:37	2006-04-26	Show	GitHub Exploit DB Packet Storm

342795	5.0	MEDIUM	alliedtelesyn	at-9724ts	The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the ma…	NVD-CWE-Other	CVE-2006-2030	2018-10-19 01:37	2006-04-26	Show	GitHub Exploit DB Packet Storm

342796	6.4	MEDIUM	corenews	corenews	Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php.	NVD-CWE-Other	CVE-2006-2032	2018-10-19 01:37	2006-04-26	Show	GitHub Exploit DB Packet Storm

342797	6.4	MEDIUM	corenews	corenews	PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector th…	NVD-CWE-Other	CVE-2006-2033	2018-10-19 01:37	2006-04-26	Show	GitHub Exploit DB Packet Storm

342798	7.5	HIGH	flexbb	flexbb	SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the sh…	NVD-CWE-Other	CVE-2006-2034	2018-10-19 01:37	2006-04-26	Show	GitHub Exploit DB Packet Storm

342799	3.7	LOW	websense	websense	Websense, when configured to permit access to the dynamic content category, allows local users to bypass intended blocking of the Uncategorized category by appending a "/?" sequence to a URL.	NVD-CWE-Other	CVE-2006-2035	2018-10-19 01:37	2006-04-26	Show	GitHub Exploit DB Packet Storm

342800	2.1	LOW	iopus	secure_email_attachments	iOpus Secure Email Attachments (SEA), probably 1.0, does not properly handle passwords that consist of repetitions of a substring, which allows attackers to decrypt files by entering only the substri…	NVD-CWE-Other	CVE-2006-2036	2018-10-19 01:37	2006-04-26	Show	GitHub Exploit DB Packet Storm