NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 20, 2026, 4:01 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
342951	4.9	MEDIUM	enova	x-wall_asic	The Enova X-Wall ASIC encrypts with a key obtained via Microwire from a serial EEPROM that stores the key in cleartext, which allows local users with physical access to obtain the key by reading and …	NVD-CWE-Other	CVE-2006-1538	2018-10-19 01:33	2006-03-30	Show	GitHub Exploit DB Packet Storm

342952	4.9	MEDIUM	enova	x-wall_asic	Physical access to the device or hardware token is required to perform the attack.	NVD-CWE-Other	CVE-2006-1538	2018-10-19 01:33	2006-03-30	Show	GitHub Exploit DB Packet Storm

342953	7.8	HIGH	ezaspsite	ezaspsite	SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme par…	NVD-CWE-Other	CVE-2006-1541	2018-10-19 01:33	2006-03-30	Show	GitHub Exploit DB Packet Storm

342954	7.5	HIGH	vscripts	vnews	Multiple SQL injection vulnerabilities in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) loginvar parameter in (a) admin/admin.php, and …	NVD-CWE-Other	CVE-2006-1543	2018-10-19 01:33	2006-03-30	Show	GitHub Exploit DB Packet Storm

342955	4.3	MEDIUM	vscripts	vnews	Multiple cross-site scripting (XSS) vulnerabilities in news.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorkomentarza a…	NVD-CWE-Other	CVE-2006-1544	2018-10-19 01:33	2006-03-30	Show	GitHub Exploit DB Packet Storm

342956	9.0	HIGH	vscripts	vnews	Direct static code injection vulnerability in admin/config.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allows remote authenticated administrators to execute code by inserting the code into variab…	NVD-CWE-Other	CVE-2006-1545	2018-10-19 01:33	2006-03-30	Show	GitHub Exploit DB Packet Storm

342957	9.3	HIGH	microsoft	office	MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally d…	CWE-94 Code Injection	CVE-2006-1540	2018-10-19 01:33	2006-03-30	Show	GitHub Exploit DB Packet Storm

342958	2.1	LOW	php	php	PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later vers…	CWE-399 Resource Management Errors	CVE-2006-1549	2018-10-19 01:33	2006-04-11	Show	GitHub Exploit DB Packet Storm

342959	2.1	LOW	php	php	Upgrade to PHP 5.1.3-RC3	CWE-399 Resource Management Errors	CVE-2006-1549	2018-10-19 01:33	2006-04-11	Show	GitHub Exploit DB Packet Storm

342960	7.6	HIGH	dia	dia	Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly invo…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2006-1550	2018-10-19 01:33	2006-03-31	Show	GitHub Exploit DB Packet Storm

342961	7.5	HIGH	georges_auberger	pajax	Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters.	NVD-CWE-Other	CVE-2006-1551	2018-10-19 01:33	2006-04-14	Show	GitHub Exploit DB Packet Storm

342962	5.1	MEDIUM	tachyon	vsns_lemon	SQL injection vulnerability in functions/final_functions.php in VSNS Lemon 3.2.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.	NVD-CWE-Other	CVE-2006-1553	2018-10-19 01:33	2006-03-31	Show	GitHub Exploit DB Packet Storm

342963	5.1	MEDIUM	tachyon	vsns_lemon	Successful exploitation requires that the "magic_quotes_gpc" parameter is disabled.	NVD-CWE-Other	CVE-2006-1553	2018-10-19 01:33	2006-03-31	Show	GitHub Exploit DB Packet Storm

342964	2.6	LOW	tachyon	vsns_lemon	Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment.	NVD-CWE-Other	CVE-2006-1554	2018-10-19 01:33	2006-03-31	Show	GitHub Exploit DB Packet Storm

342965	2.6	LOW	tachyon	vsns_lemon	Successful exploitation requires that the "magic_quotes_gpc" parameter is disabled.	NVD-CWE-Other	CVE-2006-1554	2018-10-19 01:33	2006-03-31	Show	GitHub Exploit DB Packet Storm

342966	7.5	HIGH	tachyon	vsns_lemon	VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and access password-protected articles by setting the vsns[topic_id] cookie to the targeted topic.	NVD-CWE-Other	CVE-2006-1555	2018-10-19 01:33	2006-03-31	Show	GitHub Exploit DB Packet Storm

342967	6.8	MEDIUM	al-caricatier	al-caricatier	Multiple cross-site scripting (XSS) vulnerabilities in view_caricatier.php in AL-Caricatier 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) CatName, (2) CaricatierID, or…	NVD-CWE-Other	CVE-2006-1556	2018-10-19 01:33	2006-03-31	Show	GitHub Exploit DB Packet Storm

342968	7.5	HIGH	skintech	x-changer	Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote attackers to execute arbitrary SQL commands via the (1) from and (2) into parameters in a calculate action, and the (3) id paramet…	NVD-CWE-Other	CVE-2006-1557	2018-10-19 01:33	2006-03-31	Show	GitHub Exploit DB Packet Storm

342969	7.5	HIGH	skintech	phpnewsmanager	Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 allow remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly (1) id and (2) topicid, in (a) bro…	NVD-CWE-Other	CVE-2006-1560	2018-10-19 01:33	2006-03-31	Show	GitHub Exploit DB Packet Storm

342970	5.1	MEDIUM	vscripts	vbook	SQL injection vulnerability in index.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote attackers to execute arbitrary SQL commands via the x parameter.	NVD-CWE-Other	CVE-2006-1561	2018-10-19 01:33	2006-03-31	Show	GitHub Exploit DB Packet Storm

342971	5.1	MEDIUM	vscripts	vbook	Successful exploitation requires that "magic_quotes_gpc" is set to off.	NVD-CWE-Other	CVE-2006-1561	2018-10-19 01:33	2006-03-31	Show	GitHub Exploit DB Packet Storm

342972	6.8	MEDIUM	vscripts	vbook	Multiple cross-site scripting (XSS) vulnerabilities in index.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) au…	NVD-CWE-Other	CVE-2006-1562	2018-10-19 01:33	2006-03-31	Show	GitHub Exploit DB Packet Storm

342973	7.6	HIGH	vscripts	vbook	Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code into the config file, whi…	NVD-CWE-Other	CVE-2006-1563	2018-10-19 01:33	2006-03-31	Show	GitHub Exploit DB Packet Storm

342974	7.6	HIGH	vscripts	vbook	Successful exploitation requires that "magic_quotes_gpc" is set to off.	NVD-CWE-Other	CVE-2006-1563	2018-10-19 01:33	2006-03-31	Show	GitHub Exploit DB Packet Storm

342975	5.1	MEDIUM	redcms	redcms	Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website paramet…	NVD-CWE-Other	CVE-2006-1568	2018-10-19 01:33	2006-04-1	Show	GitHub Exploit DB Packet Storm

342976	5.1	MEDIUM	redcms	redcms	Successful exploitation requires that "magic_quotes_gpc" is disabled.	NVD-CWE-Other	CVE-2006-1568	2018-10-19 01:33	2006-04-1	Show	GitHub Exploit DB Packet Storm

342977	5.1	MEDIUM	redcms	redcms	Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters to (a) login.php or (b) register.php; or …	NVD-CWE-Other	CVE-2006-1569	2018-10-19 01:33	2006-04-1	Show	GitHub Exploit DB Packet Storm

342978	5.1	MEDIUM	redcms	redcms	Successful exploitation requires that "magic_quotes_gpc" is disabled.	NVD-CWE-Other	CVE-2006-1569	2018-10-19 01:33	2006-04-1	Show	GitHub Exploit DB Packet Storm

342979	5.1	MEDIUM	r2xdesign	qlitenews	Multiple SQL injection vulnerabilities in loginprocess.php in qliteNews 2005.07.01 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.	NVD-CWE-Other	CVE-2006-1571	2018-10-19 01:33	2006-04-1	Show	GitHub Exploit DB Packet Storm

342980	5.1	MEDIUM	r2xdesign	qlitenews	Successful exploitation requires "magic_quotes_gpc" to be disabled.	NVD-CWE-Other	CVE-2006-1571	2018-10-19 01:33	2006-04-1	Show	GitHub Exploit DB Packet Storm

342981	5.0	MEDIUM	o2php.com	oxygen	SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action.	NVD-CWE-Other	CVE-2006-1572	2018-10-19 01:33	2006-04-1	Show	GitHub Exploit DB Packet Storm

342982	7.5	HIGH	mediaslash.com	mediaslash_gallery	PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter (part of the $page_menu variable).	NVD-CWE-Other	CVE-2006-1573	2018-10-19 01:33	2006-04-1	Show	GitHub Exploit DB Packet Storm

342983	6.8	MEDIUM	vscripts.pl	qlnews	Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters.	NVD-CWE-Other	CVE-2006-1575	2018-10-19 01:33	2006-04-3	Show	GitHub Exploit DB Packet Storm

342984	7.5	HIGH	vscripts.pl	qlnews	Direct static code injection vulnerability in QLnews 1.2 allows remote authenticated administrators to execute arbitrary PHP code by modifying config.php.	NVD-CWE-Other	CVE-2006-1576	2018-10-19 01:33	2006-04-3	Show	GitHub Exploit DB Packet Storm

342985	7.5	HIGH	dbbs	dbbs	SQL injection vulnerability in topics.php in Dynamic Bulletin Board System (DbbS) 2.0-alpha and earlier allows remote attackers to execute arbitrary SQL commands via the limite parameter.	NVD-CWE-Other	CVE-2006-1579	2018-10-19 01:33	2006-04-3	Show	GitHub Exploit DB Packet Storm

342986	5.8	MEDIUM	juliusz_julas_gonera	warcraft_iii_replay_parser_php	Cross-site scripting (XSS) vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: post-dis…	NVD-CWE-Other	CVE-2006-1583	2018-10-19 01:33	2006-04-3	Show	GitHub Exploit DB Packet Storm

342987	6.4	MEDIUM	juliusz_julas_gonera	warcraft_iii_replay_parser_php	Unspecified vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to fopen func…	NVD-CWE-Other	CVE-2006-1584	2018-10-19 01:33	2006-04-3	Show	GitHub Exploit DB Packet Storm

342988	7.5	HIGH	internet_solutions_professionals	site_man	SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan allows remote attackers to execute arbitrary SQL commands via the pass parameter.	NVD-CWE-Other	CVE-2006-1586	2018-10-19 01:33	2006-04-3	Show	GitHub Exploit DB Packet Storm

342989	7.5	HIGH	x-doom zdaemon	x-doom zdaemon	Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) Zdaemon 1.08.01 and (2) X-Doom allows remote attackers to execute arbitrary code via a long filename argument.	NVD-CWE-Other	CVE-2006-1592	2018-10-19 01:33	2006-04-3	Show	GitHub Exploit DB Packet Storm

342990	5.0	MEDIUM	x-doom zdaemon	x-doom zdaemon	The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLevel functions in sv_main.cpp for (a) Zdaemon 1.08.01 and (b) X-Doom allows remote attackers to cause a denial of service (crash) vi…	CWE-399 Resource Management Errors	CVE-2006-1593	2018-10-19 01:33	2006-04-3	Show	GitHub Exploit DB Packet Storm

342991	7.8	HIGH	an	an-httpd	AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with (1) dot and (2) space characters in the file extension.	NVD-CWE-Other	CVE-2006-1598	2018-10-19 01:33	2006-04-4	Show	GitHub Exploit DB Packet Storm

342992	7.5	HIGH	phpwebgallery	phpwebgallery	SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.	NVD-CWE-Other	CVE-2006-1600	2018-10-19 01:33	2006-04-4	Show	GitHub Exploit DB Packet Storm

342993	7.5	HIGH	phpnuke-clan	phpnuke-clan	PHP remote file inclusion vulnerability in includes/functions_common.php in the VWar Account module (vWar_Account) in PHPNuke Clan 3.0.1 allows remote attackers to include arbitrary files via a URL i…	NVD-CWE-Other	CVE-2006-1602	2018-10-19 01:33	2006-04-4	Show	GitHub Exploit DB Packet Storm

342994	5.1	MEDIUM	squery	squery	PHP remote file inclusion vulnerability in lib/armygame.php in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allows remote attackers to execute arbitrary PHP code vi…	CWE-94 Code Injection	CVE-2006-1610	2018-10-19 01:33	2006-04-4	Show	GitHub Exploit DB Packet Storm

342995	5.1	MEDIUM	aweb_labs	awebnews	Multiple cross-site scripting (XSS) vulnerabilities in visview.php in aWebNews 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) yname, (2) emailadd, (3) subject, and (4) …	NVD-CWE-Other	CVE-2006-1612	2018-10-19 01:33	2006-04-4	Show	GitHub Exploit DB Packet Storm

342996	5.1	MEDIUM	aweb_labs	awebnews	Successful exploitation requires that "magic_quotes_gpc" is disabled.	NVD-CWE-Other	CVE-2006-1612	2018-10-19 01:33	2006-04-4	Show	GitHub Exploit DB Packet Storm

342997	5.0	MEDIUM	aweb_labs	awebnews	Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user123 variable in (a) login.php or (b) fpass.php; or (2) cid parameter to…	NVD-CWE-Other	CVE-2006-1613	2018-10-19 01:33	2006-04-4	Show	GitHub Exploit DB Packet Storm

342998	5.0	MEDIUM	aweb_labs	awebnews	Condition: magic_quotes_gpc = off	NVD-CWE-Other	CVE-2006-1613	2018-10-19 01:33	2006-04-4	Show	GitHub Exploit DB Packet Storm

342999	5.1	MEDIUM	clam_anti-virus	clamav	Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a …	NVD-CWE-Other	CVE-2006-1614	2018-10-19 01:33	2006-04-7	Show	GitHub Exploit DB Packet Storm

343000	7.5	HIGH	doomsday	doomsday	Format string vulnerability in the (1) Con_message and (2) conPrintf functions in con_main.c in Doomsday engine 1.8.6 allows remote attackers to execute arbitrary code via format string specifiers in…	NVD-CWE-Other	CVE-2006-1618	2018-10-19 01:33	2006-04-5	Show	GitHub Exploit DB Packet Storm