NVD Vulnerability Information Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

Update Date:June 20, 2026, 4:01 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
343001 5.0 MEDIUM
hosting_controller hosting_controller admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName paramet… NVD-CWE-Other
CVE-2006-1620 2018-10-19 01:33 2006-04-5 Show GitHub Exploit DB Packet Storm
343002 4.0 MEDIUM
hosting_controller hosting_controller Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenP… NVD-CWE-Other
CVE-2006-1621 2018-10-19 01:33 2006-04-5 Show GitHub Exploit DB Packet Storm
343003 6.8 MEDIUM
phpselect phpselect Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit allows remote attackers to inject arbitrary web script or HTML via (1) the description parameter to linklist.php and possibly other ve… NVD-CWE-Other
CVE-2006-1622 2018-10-19 01:33 2006-04-5 Show GitHub Exploit DB Packet Storm
343004 4.3 MEDIUM
andries_bruinsma flexible_development Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development (FXB) application, allows remote attackers to include and execute arbitrary… NVD-CWE-Other
CVE-2006-1623 2018-10-19 01:33 2006-04-5 Show GitHub Exploit DB Packet Storm
343005 7.8 HIGH
linux linux_kernel The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplificat… NVD-CWE-Other
CVE-2006-1624 2018-10-19 01:33 2006-04-5 Show GitHub Exploit DB Packet Storm
343006 6.8 MEDIUM
mybulletinboard mybulletinboard Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode… NVD-CWE-Other
CVE-2006-1625 2018-10-19 01:33 2006-04-5 Show GitHub Exploit DB Packet Storm
343007 7.5 HIGH
adobe acrobat_reader Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pag… NVD-CWE-Other
CVE-2006-1627 2018-10-19 01:33 2006-04-14 Show GitHub Exploit DB Packet Storm
343008 7.5 HIGH
vwar virtual_war PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter. NOTE: this is a di… CWE-94
Code Injection 		CVE-2006-1636 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343009 4.3 MEDIUM
aweb_labs awebbb Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname… NVD-CWE-Other
CVE-2006-1637 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343010 5.1 MEDIUM
aweb_labs awebbb Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) … NVD-CWE-Other
CVE-2006-1638 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343011 5.1 MEDIUM
aweb_labs awebbb Successful exploitation requires "magic_quotes_gpc" to be disabled. NVD-CWE-Other
CVE-2006-1638 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343012 5.1 MEDIUM
wire_plastik_design wpblog SQL injection vulnerability in index.php in wpBlog 0.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter. NVD-CWE-Other
CVE-2006-1639 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343013 5.1 MEDIUM
wire_plastik_design wpblog Successful exploitation requires that "magic_quotes_gpc" is disabled. This vulnerability may affect all previous versions of Wire Plastik Design, wpBlog before 0.4 NVD-CWE-Other
CVE-2006-1639 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343014 2.6 LOW
czaries_network czarnews Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 allows remote attackers to inject arbitrary web script or HTML via the email parameter. NVD-CWE-Other
CVE-2006-1640 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343015 5.1 MEDIUM
czaries_network czarnews Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote attackers to execute arbitrary SQL commands via the (1) usern or (2) passw parameters to (a) cn_auth.php, (3) s parameter to (b) n… NVD-CWE-Other
CVE-2006-1641 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343016 5.1 MEDIUM
czaries_network czarnews Successful exploitation requires that "magic_quotes_gpc" is disabled. NVD-CWE-Other
CVE-2006-1641 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343017 6.8 MEDIUM
reloadcms reloadcms Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execu… NVD-CWE-Other
CVE-2006-1645 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343018 7.8 HIGH
smart_technologies synchroneyes An unspecified "logical programming mistake" in SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versions, allows remote attackers to cause a denial of service via a large packet to t… NVD-CWE-Other
CVE-2006-1647 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343019 5.0 MEDIUM
smart_technologies synchroneyes SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versions, allows remote attackers to cause a denial of service (memory consumption) via a certain packet to the Teacher discovery port… NVD-CWE-Other
CVE-2006-1648 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343020 7.2 HIGH
eset_software nod32_antivirus The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users… NVD-CWE-Other
CVE-2006-1649 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343021 7.2 HIGH
eset_software nod32_antivirus ESET NOD32 Antivirus version 2.51.26 fixes this vulnerability. All versions of this product prior to 2.51.26 are vulnerable. NVD-CWE-Other
CVE-2006-1649 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343022 5.0 MEDIUM
mozilla firefox Firefox 1.5.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window lo… NVD-CWE-Other
CVE-2006-1650 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343023 9.0 HIGH
ultravnc tabbed_viewer
vnc_viewer 		Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that se… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2006-1652 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343024 9.0 HIGH
ultravnc tabbed_viewer
vnc_viewer 		There are two seperate vulnerabilities here; One allows escalated priveleges to authenticated users, the other allows remote unauthenticated users to cause a Denial of Service (DoS). CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2006-1652 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343025 7.5 HIGH
angelinecms angelinecms PHP remote file inclusion vulnerability in loadkernel.php in AngelineCMS 0.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the installPath parameter. NVD-CWE-Other
CVE-2006-1653 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343026 5.0 MEDIUM
hp color_laserjet_2500_toolbox
color_laserjet_4600_toolbox
color_laserjet
color_laserjet_2500
color_laserjet_2500l
color_laserjet_2500lse
color_laserjet_2500n
color_laserjet_2500tn<… 		Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (… NVD-CWE-Other
CVE-2006-1654 2018-10-19 01:33 2006-04-6 Show GitHub Exploit DB Packet Storm
343027 4.3 MEDIUM
chucky_a._ivey n.t. Cross-site scripting (XSS) vulnerability in index.php in Chucky A. Ivey N.T. 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not filtered whe… NVD-CWE-Other
CVE-2006-1657 2018-10-19 01:33 2006-04-7 Show GitHub Exploit DB Packet Storm
343028 7.5 HIGH
chucky_a._ivey n.t. Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included other N.T. … NVD-CWE-Other
CVE-2006-1658 2018-10-19 01:33 2006-04-7 Show GitHub Exploit DB Packet Storm
343029 7.5 HIGH
limbo_cms limbo_cms The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php. NVD-CWE-Other
CVE-2006-1662 2018-10-19 01:33 2006-04-7 Show GitHub Exploit DB Packet Storm
343030 2.6 LOW
arab_portal arab_portal Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0.1 stable allow remote attackers to inject arbitrary web script or HTML via the (1) adminJump and (2) forum_middle parameters in … NVD-CWE-Other
CVE-2006-1665 2018-10-19 01:33 2006-04-7 Show GitHub Exploit DB Packet Storm
343031 7.5 HIGH
arab_portal arab_portal SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable allows remote attackers to execute arbitrary SQL commands via the mineID parameter. NVD-CWE-Other
CVE-2006-1666 2018-10-19 01:33 2006-04-7 Show GitHub Exploit DB Packet Storm
343032 6.4 MEDIUM
phpheaven phpmychat SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can … NVD-CWE-Other
CVE-2006-1669 2018-10-19 01:33 2006-04-7 Show GitHub Exploit DB Packet Storm
343033 2.6 LOW
phpwebgallery phpwebgallery Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) cat… NVD-CWE-Other
CVE-2006-1675 2018-10-19 01:33 2006-04-11 Show GitHub Exploit DB Packet Storm
343034 4.3 MEDIUM
jupiter_cms jupiter_cms Cross-site scripting (XSS) vulnerability in modules/online.php in Jupiter CMS 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the layout parameter to index.php. NVD-CWE-Other
CVE-2006-1679 2018-10-19 01:33 2006-04-11 Show GitHub Exploit DB Packet Storm
343035 2.6 LOW
jupiter_cms jupiter_cms Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php. NVD-CWE-Other
CVE-2006-1680 2018-10-19 01:33 2006-04-11 Show GitHub Exploit DB Packet Storm
343036 7.5 HIGH
chipmunk_scripts chipmunk_guestbook SQL injection vulnerability in admin/login.php in Chipmunk Guestbook allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the User name. NVD-CWE-Other
CVE-2006-1683 2018-10-19 01:33 2006-04-11 Show GitHub Exploit DB Packet Storm
343037 7.2 HIGH
hp hp-ux Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access. NVD-CWE-Other
CVE-2006-1689 2018-10-19 01:33 2006-04-11 Show GitHub Exploit DB Packet Storm
343038 7.2 HIGH
hp hp-ux HP-UX B.11.11: Install PHCO_34545 or later. NVD-CWE-Other
CVE-2006-1689 2018-10-19 01:33 2006-04-11 Show GitHub Exploit DB Packet Storm
343039 4.3 MEDIUM
matt_wright matt_wright_guestbook Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when … NVD-CWE-Other
CVE-2006-1697 2018-10-19 01:33 2006-04-11 Show GitHub Exploit DB Packet Storm
343040 2.6 LOW
shadowed_portal shadowed_portal Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php. NVD-CWE-Other
CVE-2006-1701 2018-10-19 01:33 2006-04-11 Show GitHub Exploit DB Packet Storm
343041 7.5 HIGH
spip spip PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. NVD-CWE-Other
CVE-2006-1702 2018-10-19 01:33 2006-04-11 Show GitHub Exploit DB Packet Storm
343042 7.5 HIGH
hubert_plisson sire PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter. NVD-CWE-Other
CVE-2006-1703 2018-10-19 01:33 2006-04-11 Show GitHub Exploit DB Packet Storm
343043 5.0 MEDIUM
hubert_plisson sire Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php. NVD-CWE-Other
CVE-2006-1704 2018-10-19 01:33 2006-04-11 Show GitHub Exploit DB Packet Storm
343044 2.1 LOW
oracle oracle10g
oracle9i 		Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that vi… NVD-CWE-Other
CVE-2006-1705 2018-10-19 01:33 2006-04-11 Show GitHub Exploit DB Packet Storm
343045 9.3 HIGH
microsoft excel
excel_viewer 		Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data… CWE-94
Code Injection 		CVE-2006-1304 2018-10-19 01:32 2006-07-14 Show GitHub Exploit DB Packet Storm
343046 9.3 HIGH
microsoft excel
excel_viewer 		Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a functi… CWE-94
Code Injection 		CVE-2006-1306 2018-10-19 01:32 2006-07-14 Show GitHub Exploit DB Packet Storm
343047 7.5 HIGH
microsoft windows_2000
windows_2003_server
windows_xp 		Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrar… NVD-CWE-Other
CVE-2006-1314 2018-10-19 01:32 2006-07-12 Show GitHub Exploit DB Packet Storm
343048 5.0 MEDIUM
microsoft server_service The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted reque… NVD-CWE-Other
CVE-2006-1315 2018-10-19 01:32 2006-07-12 Show GitHub Exploit DB Packet Storm
343049 5.1 MEDIUM
webtoolmaster_software winhki Directory traversal vulnerability in WinHKI 1.6 and earlier allows user-assisted attackers to overwrite arbitrary files via a (1) RAR, (2) TAR, (3) ZIP, or (4) TAR.GZ archive with a file whose file n… NVD-CWE-Other
CVE-2006-1323 2018-10-19 01:32 2006-03-21 Show GitHub Exploit DB Packet Storm
343050 4.3 MEDIUM
invision_power_services invision_power_board Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) fo… NVD-CWE-Other
CVE-2006-1326 2018-10-19 01:32 2006-03-21 Show GitHub Exploit DB Packet Storm