NVD Vulnerability Information Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

Update Date:June 23, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
342801 4.3 MEDIUM
thwboard thwboard Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 Beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the navpath parameter. NVD-CWE-Other
CVE-2006-2037 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342802 6.4 MEDIUM
photokorn photokorn Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 allow remote attackers to execute arbitrary SQL commands via the (1) cat, (2) pic and (3) page parameter in index.php; (4) id parame… NVD-CWE-Other
CVE-2006-2040 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342803 4.6 MEDIUM
ip3_networks ip3_netaccess_75 na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI). NVD-CWE-Other
CVE-2006-2043 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342804 7.5 HIGH
ip3_networks ip3_netaccess_75 na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default username of admin and a default password of admin. NVD-CWE-Other
CVE-2006-2044 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342805 3.6 LOW
ip3_networks ip3_netaccess_75 The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess datab… NVD-CWE-Other
CVE-2006-2045 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342806 4.3 MEDIUM
phpwebftp phpwebftp Multiple cross-site scripting (XSS) vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) port, (2) server, and (3) us… NVD-CWE-Other
CVE-2006-2048 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342807 4.3 MEDIUM
dcscripts dcforumlite Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to inject arbitrary web script or HTML via the az parameter. NVD-CWE-Other
CVE-2006-2049 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342808 5.0 MEDIUM
dcscripts dcforumlite SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter. NVD-CWE-Other
CVE-2006-2050 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342809 5.8 MEDIUM
nextage nextage_shopping_cart Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.php in NextAge Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password p… NVD-CWE-Other
CVE-2006-2051 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342810 5.8 MEDIUM
verosky_media instant_photo_gallery Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.p… NVD-CWE-Other
CVE-2006-2052 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342811 5.0 MEDIUM
invision_power_services invision_power_board action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate paramete… NVD-CWE-Other
CVE-2006-2059 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342812 6.4 MEDIUM
invision_power_services invision_power_board Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute … NVD-CWE-Other
CVE-2006-2060 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342813 6.4 MEDIUM
invision_power_services invision_power_board If you've downloaded IPB 2.1.5 since the time of this post, there is no need to update your installation as the main download has been updated. NVD-CWE-Other
CVE-2006-2060 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342814 5.0 MEDIUM
invision_power_services invision_board
invision_power_board 		SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, w… NVD-CWE-Other
CVE-2006-2061 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342815 5.0 MEDIUM
invision_power_services invision_board
invision_power_board 		The vendor has released an update to address this and other versions. NVD-CWE-Other
CVE-2006-2061 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342816 7.5 HIGH
phpsurveyor phpsurveyor SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to exe… NVD-CWE-Other
CVE-2006-2065 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342817 4.3 MEDIUM
mkportal mkportal Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HT… CWE-79
Cross-site Scripting 		CVE-2006-2066 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342818 7.5 HIGH
mkportal mkportal SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter. NVD-CWE-Other
CVE-2006-2067 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342819 4.3 MEDIUM
mybb devbb Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action. NVD-CWE-Other
CVE-2006-2070 2018-10-19 01:37 2006-04-27 Show GitHub Exploit DB Packet Storm
342820 5.0 MEDIUM
mozilla firefox
mozilla_suite
seamonkey
thunderbird 		The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that… NVD-CWE-Other
CVE-2006-1742 2018-10-19 01:36 2006-04-14 Show GitHub Exploit DB Packet Storm
342821 5.0 MEDIUM
mozilla firefox
mozilla_suite
seamonkey
thunderbird 		Fixed in: Firefox 1.5 Firefox 1.0.8 Thunderbird 1.5 Thunderbird 1.0.8 SeaMonkey 1.0 Mozilla Suite 1.7.13 NVD-CWE-Other
CVE-2006-1742 2018-10-19 01:36 2006-04-14 Show GitHub Exploit DB Packet Storm
342822 7.5 HIGH
smartisoft phplistpro PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath parameter. NOTE: this issue was later rep… CWE-94
Code Injection 		CVE-2006-1749 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342823 7.5 HIGH
swsoft confixx SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, 3.0.8, and 3.1.2 allows remote attackers to execute arbitrary SQL commands via the SID parameter. NVD-CWE-Other
CVE-2006-1754 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342824 7.5 HIGH
matthew_dingley md_news SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter. NVD-CWE-Other
CVE-2006-1755 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342825 7.5 HIGH
matthew_dingley md_news MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area. NVD-CWE-Other
CVE-2006-1756 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342826 2.6 LOW
bill_shupp vegadns Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 allows remote attackers to inject arbitrary web script or HTML via the message parameter. NVD-CWE-Other
CVE-2006-1757 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342827 7.5 HIGH
bill_shupp vegadns SQL injection vulnerability in index.php in Vegadns 0.99 allows remote attackers to execute arbitrary SQL commands via the cid parameter. NVD-CWE-Other
CVE-2006-1758 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342828 2.6 LOW
swsoft confixx Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter. NVD-CWE-Other
CVE-2006-1759 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342829 2.6 LOW
blursoft blur6ex Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error messa… NVD-CWE-Other
CVE-2006-1761 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342830 7.5 HIGH
blursoft blur6ex Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter. NOTE: this issue can be exploited to produce resultant X… NVD-CWE-Other
CVE-2006-1762 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342831 5.0 MEDIUM
blursoft blur6ex Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a (1) g_reply or (2) g_permaPost action to the… NVD-CWE-Other
CVE-2006-1763 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342832 6.8 MEDIUM
jbook jbook Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter. NVD-CWE-Other
CVE-2006-1765 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342833 7.5 HIGH
nicecoder indexu Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php,… NVD-CWE-Other
CVE-2006-1767 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342834 5.1 MEDIUM
tritanium_scripts tritanium_bulletin_board Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_name, (2)… NVD-CWE-Other
CVE-2006-1768 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342835 5.1 MEDIUM
tritanium_scripts tritanium_bulletin_board Succesful exploitation requires that "register_globals" is enabled. NVD-CWE-Other
CVE-2006-1768 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342836 6.8 MEDIUM
userland manila Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila 9.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the mode parameter in msgReader$1 and (2) … NVD-CWE-Other
CVE-2006-1769 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342837 10.0 HIGH
azerbaijan_development_group azdgvote Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Design & Development Group (AZDG) AzDGVote allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter in… NVD-CWE-Other
CVE-2006-1770 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342838 7.5 HIGH
saxotech saxopress Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH SAXoPRESS, aka Saxotech Online (formerly Publicus) allows remote attackers to read arbitrary files and possibly execute arbitrary pro… NVD-CWE-Other
CVE-2006-1771 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342839 7.5 HIGH
hp compaqhttpserver
system_management_homepage 		HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when "Trust by Certificates" is not enabled, allows remote attackers to bypas… NVD-CWE-Other
CVE-2006-1774 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342840 7.5 HIGH
hp compaqhttpserver
system_management_homepage 		The only way to prevent this is to set the Trust level to "Trust by Certificates" NVD-CWE-Other
CVE-2006-1774 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342841 7.5 HIGH
simplog simplog PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the s parameter. NVD-CWE-Other
CVE-2006-1776 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342842 7.5 HIGH
simplog simplog Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences … NVD-CWE-Other
CVE-2006-1777 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342843 7.5 HIGH
simplog simplog Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) arch… NVD-CWE-Other
CVE-2006-1778 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342844 6.8 MEDIUM
simplog simplog Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter. NVD-CWE-Other
CVE-2006-1779 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342845 2.6 LOW
patronet cms Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI. NVD-CWE-Other
CVE-2006-1783 2018-10-19 01:36 2006-04-13 Show GitHub Exploit DB Packet Storm
342846 2.1 LOW
adobe document_server Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Downloa… NVD-CWE-Other
CVE-2006-1785 2018-10-19 01:36 2006-04-14 Show GitHub Exploit DB Packet Storm
342847 2.6 LOW
adobe document_server Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-reader… NVD-CWE-Other
CVE-2006-1786 2018-10-19 01:36 2006-04-14 Show GitHub Exploit DB Packet Storm
342848 2.6 LOW
adobe document_server Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed … NVD-CWE-Other
CVE-2006-1787 2018-10-19 01:36 2006-04-14 Show GitHub Exploit DB Packet Storm
342849 2.6 LOW
adobe document_server Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily id… NVD-CWE-Other
CVE-2006-1788 2018-10-19 01:36 2006-04-14 Show GitHub Exploit DB Packet Storm
342850 5.0 MEDIUM
georges_auberger pajax Directory traversal vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to read arbitrary files via the $className variable. NVD-CWE-Other
CVE-2006-1789 2018-10-19 01:36 2006-04-14 Show GitHub Exploit DB Packet Storm