NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 13, 2026, 4:20 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
343251	5.0	MEDIUM	ej3	topo	EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to index.php, which allows context-dependent attackers to obtain entry passwords via log files, referrers, or other vectors.	NVD-CWE-Other	CVE-2006-3834	2018-10-18 06:31	2006-07-25	Show	GitHub Exploit DB Packet Storm

343252	5.0	MEDIUM	unidomedia	chameleon_le	Directory traversal vulnerability in index.php in UNIDOmedia Chameleon LE 1.203 and earlier, and possibly Chameleon PRO, allows remote attackers to read arbitrary files via the rmid parameter.	NVD-CWE-Other	CVE-2006-3836	2018-10-18 06:31	2006-07-25	Show	GitHub Exploit DB Packet Storm

343253	5.0	MEDIUM	professional_home_page_tools	professional_home_page_tools_guestbook	delcookie.php in Professional Home Page Tools Guestbook changes the expiration date of a cookie instead of deleting the cookie's value, which makes it easier for attackers to steal the cookie and obt…	NVD-CWE-Other	CVE-2006-3837	2018-10-18 06:31	2006-07-25	Show	GitHub Exploit DB Packet Storm

343254	2.6	LOW	owasp	webscarab	Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script…	NVD-CWE-Other	CVE-2006-3841	2018-10-18 06:31	2006-07-26	Show	GitHub Exploit DB Packet Storm

343255	10.0	HIGH	eiqnetworks	enterprise_security_analyzer	Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Man…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2006-3838	2018-10-18 06:31	2006-07-27	Show	GitHub Exploit DB Packet Storm

343256	5.0	MEDIUM	iss	blackice_pc_protection blackice_server_protection proventia_desktop realsecure_desktop realsecure_network realsecure_server_sensor proventia_a_series_xpu proventia_g_series_xpu	The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, a…	CWE-399 Resource Management Errors	CVE-2006-3840	2018-10-18 06:31	2006-07-27	Show	GitHub Exploit DB Packet Storm

343257	4.3	MEDIUM	adventnet	zoho_virtual_office	Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote attackers to execute arbitrary web script or HTML via an HTML message.	NVD-CWE-Other	CVE-2006-3842	2018-10-18 06:31	2006-07-26	Show	GitHub Exploit DB Packet Storm

343258	7.5	HIGH	mambo	mambo_calendar	PHP remote file inclusion vulnerability in com_calendar.php in Calendar Mambo Module 1.5.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.	NVD-CWE-Other	CVE-2006-3843	2018-10-18 06:31	2006-07-26	Show	GitHub Exploit DB Packet Storm

343259	6.8	MEDIUM	mambo	mambo_multibanners	PHP remote file inclusion vulnerability in extadminmenus.class.php in the MultiBanners 1.0.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path p…	CWE-94 Code Injection	CVE-2006-3846	2018-10-18 06:31	2006-07-26	Show	GitHub Exploit DB Packet Storm

343260	5.1	MEDIUM	canebluem	mospray	PHP remote file inclusion vulnerability in (1) admin.php, and possibly (2) details.php, (3) modify.php, (4) newgroup.php, (5) newtask.php, and (6) rss.php, in MoSpray (aka com_mospray) 1.8 RC1 allows…	CWE-94 Code Injection	CVE-2006-3847	2018-10-18 06:31	2006-07-26	Show	GitHub Exploit DB Packet Storm

343261	2.6	LOW	krischan_jodies	ip_calculator	Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), …	NVD-CWE-Other	CVE-2006-3848	2018-10-18 06:31	2006-07-26	Show	GitHub Exploit DB Packet Storm

343262	7.5	HIGH	pumpkin_studios	warzone warzone_resurrection	Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2.0.3 and earlier allows remote attackers to execute arbitrary code via a (1) long message handled by the recvTextMessage function…	NVD-CWE-Other	CVE-2006-3849	2018-10-18 06:31	2006-07-26	Show	GitHub Exploit DB Packet Storm

343263	4.3	MEDIUM	phptoys	micro_guestbook	Cross-site scripting (XSS) vulnerability in index.php in Micro GuestBook allows remote attackers to execute arbitrary SQL commands via the (1) name or (2) comment ("text") fields.	NVD-CWE-Other	CVE-2006-3852	2018-10-18 06:31	2006-07-26	Show	GitHub Exploit DB Packet Storm

343264	5.1	MEDIUM	ibm	informix_dynamic_server	Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username.	NVD-CWE-Other	CVE-2006-3853	2018-10-18 06:31	2006-08-9	Show	GitHub Exploit DB Packet Storm

343265	5.1	MEDIUM	ibm	informix_dynamic_server	This vulnerability is only present in a Windows environment. This vulnerability is addressed in the following product releases: IBM, Informix IDS, 9.40.TC7 IBM, Informix IDS, 10.00.TC3	NVD-CWE-Other	CVE-2006-3853	2018-10-18 06:31	2006-08-9	Show	GitHub Exploit DB Packet Storm

343266	7.5	HIGH	ibm	informix_dynamic_database_server	Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5, when running on Windows, allows remote attackers to execute arbitrary code via a long username, whic…	NVD-CWE-Other	CVE-2006-3854	2018-10-18 06:31	2006-08-17	Show	GitHub Exploit DB Packet Storm

343267	6.5	MEDIUM	ibm	informix_dynamic_server	The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka "C code UDR."	NVD-CWE-noinfo	CVE-2006-3855	2018-10-18 06:31	2006-08-9	Show	GitHub Exploit DB Packet Storm

343268	6.5	MEDIUM	ibm	informix_dynamic_server	This vulnerability is addressed in the following product releases: IBM, Informix IDS, 9.40 xC7 IBM, Informix IDS, 10.00 xC4	NVD-CWE-noinfo	CVE-2006-3855	2018-10-18 06:31	2006-08-9	Show	GitHub Exploit DB Packet Storm

343269	2.1	LOW	ibm	informix_dynamic_server	IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors.	NVD-CWE-Other	CVE-2006-3856	2018-10-18 06:31	2006-08-9	Show	GitHub Exploit DB Packet Storm

343270	2.1	LOW	ibm	informix_dynamic_server	This vulnerability is addressed in the following product releases: IBM, Informix IDS, 9.40 xC7 IBM, Informix IDS, 10.00 xC3	NVD-CWE-Other	CVE-2006-3856	2018-10-18 06:31	2006-08-9	Show	GitHub Exploit DB Packet Storm

343271	6.5	MEDIUM	ibm	informix_dynamic_database_server	Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as u…	NVD-CWE-Other	CVE-2006-3857	2018-10-18 06:31	2006-08-9	Show	GitHub Exploit DB Packet Storm

343272	6.4	MEDIUM	intervations	filecopa	Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allow remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and …	NVD-CWE-Other	CVE-2006-3768	2018-10-18 06:30	2006-07-29	Show	GitHub Exploit DB Packet Storm

343273	2.6	LOW	top_xl	top_xl	Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or…	NVD-CWE-Other	CVE-2006-3769	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343274	2.6	LOW	top_xl	top_xl	Successful exploitation requires that register_globals is enabled.	NVD-CWE-Other	CVE-2006-3769	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343275	7.5	HIGH	phpfaber	topsites	Multiple SQL injection vulnerabilities in index.php in phpFaber TopSites 2.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) i_cat or (2) method parameters.	NVD-CWE-Other	CVE-2006-3770	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343276	7.5	HIGH	imaginex-resource	imanage_cms	Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to …	NVD-CWE-Other	CVE-2006-3771	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343277	5.1	MEDIUM	php-post	php-post	PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the loginco…	NVD-CWE-Other	CVE-2006-3772	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343278	6.8	MEDIUM	joomla	performs_component	PHP remote file inclusion vulnerability in performs.php in the perForms component (com_performs) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mos…	CWE-94 Code Injection	CVE-2006-3774	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343279	7.5	HIGH	mybulletinboard	mybulletinboard	SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SE…	CWE-89 SQL Injection	CVE-2006-3775	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343280	5.0	MEDIUM	keyifweb	keyif_portal	Keyifweb Keyif Portal 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) ANKET/ank…	NVD-CWE-Other	CVE-2006-3780	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343281	7.2	HIGH	symantec	pcanywhere	Symantec pcAnywhere 12.5 uses weak default permissions for the "Symantec\pcAnywhere\Hosts" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) f…	NVD-CWE-Other	CVE-2006-3784	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343282	2.1	LOW	symantec	pcanywhere	Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain th…	NVD-CWE-Other	CVE-2006-3785	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343283	3.6	LOW	symantec	pcanywhere	Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag.	NVD-CWE-Other	CVE-2006-3786	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343284	2.1	LOW	kerio	personal_firewall	kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass…	NVD-CWE-Other	CVE-2006-3787	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343285	7.5	HIGH	ufo2000	ufo2000	Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code via (1) a long unit name in Net::recv_add_unit,; (2) large values to Net::recv_rules, N…	NVD-CWE-Other	CVE-2006-3788	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343286	7.5	HIGH	ufo2000	ufo2000	Multiple array index errors in the (1) recv_rules, (2) recv_select_unit, (3) recv_options, and (4) recv_unit_data functions in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbi…	NVD-CWE-Other	CVE-2006-3789	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343287	5.0	MEDIUM	ufo2000	ufo2000	The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a keysize or valsize that is inconsistent with…	NVD-CWE-Other	CVE-2006-3790	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343288	5.0	MEDIUM	ufo2000	ufo2000	The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a large keysize or valsize, which causes a cra…	NVD-CWE-Other	CVE-2006-3791	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343289	7.5	HIGH	ufo2000	ufo2000	SQL injection vulnerability in ServerClientUfo::recv_packet in server_protocol.cpp in UFO2000 svn 1057 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving the …	NVD-CWE-Other	CVE-2006-3792	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343290	5.1	MEDIUM	sitedepth	sitedepth_cms	PHP remote file inclusion vulnerability in constants.php in SiteDepth CMS 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SD_DIR parameter.	NVD-CWE-Other	CVE-2006-3793	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343291	2.6	LOW	deluxebb	deluxebb	Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before 1.08 allow remote attackers to inject arbitrary web script or HTML via the (1) membercookie cookie in header.php and the (2) red…	NVD-CWE-Other	CVE-2006-3795	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343292	7.5	HIGH	deluxebb	deluxebb	DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character, which allows remote authenticated users to login as the "space" user, post as the guest user, and b…	NVD-CWE-Other	CVE-2006-3796	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343293	7.5	HIGH	deluxebb	deluxebb	SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote attackers to bypass authentication, spoof users, and modify settings via the (1) memberpw and (2) membercookie cookies.	NVD-CWE-Other	CVE-2006-3797	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343294	5.0	MEDIUM	deluxebb	deluxebb	DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) _GET, (2) _POST, (3) _ENV, and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable, which can overwrite the other variab…	NVD-CWE-Other	CVE-2006-3798	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343295	7.5	HIGH	deluxebb	deluxebb	DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other…	NVD-CWE-Other	CVE-2006-3799	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343296	4.3	MEDIUM	amazing_flash_commerce	afcommerce_shopping_cart	Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the "new review" text box.	NVD-CWE-Other	CVE-2006-3800	2018-10-18 06:30	2006-07-24	Show	GitHub Exploit DB Packet Storm

343297	7.5	HIGH	mozilla	firefox seamonkey	Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attack…	NVD-CWE-Other	CVE-2006-3801	2018-10-18 06:30	2006-07-28	Show	GitHub Exploit DB Packet Storm

343298	5.8	MEDIUM	mozilla	firefox seamonkey thunderbird	Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scrip…	NVD-CWE-Other	CVE-2006-3802	2018-10-18 06:30	2006-07-28	Show	GitHub Exploit DB Packet Storm

343299	5.1	MEDIUM	mozilla	firefox seamonkey thunderbird	Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary cod…	NVD-CWE-Other	CVE-2006-3803	2018-10-18 06:30	2006-07-28	Show	GitHub Exploit DB Packet Storm

343300	5.0	MEDIUM	mozilla	seamonkey thunderbird	Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) via a VCard attachment with a malformed base64…	NVD-CWE-Other	CVE-2006-3804	2018-10-18 06:30	2006-07-28	Show	GitHub Exploit DB Packet Storm