2006 CVE Vulnerabilities

7,145 CVEs published in 2006.

| CVE ID | Severity | CVSS | Description |
|---|---|---|---|
| CVE-2006-3415 | | | Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man... |
| CVE-2006-3414 | | | Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote atta... |
| CVE-2006-3413 | | | The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the "logfile", which al... |
| CVE-2006-3404 | | | Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attack... |
| CVE-2006-3402 | | | SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers to execute arbitrary SQL commands via the passwor... |
| CVE-2006-3401 | | | Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause... |
| CVE-2006-3400 | | | Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) ... |
| CVE-2006-3399 | | | Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki before 1.1.2-20060702 allows remote attackers to inject... |
| CVE-2006-3398 | | | The "change password forms" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remot... |
| CVE-2006-3397 | | | Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary... |
| CVE-2006-3396 | | | PHP remote file inclusion vulnerability in galleria.html.php in Galleria Mambo Module 1.0 and earlier for Mambo allows r... |
| CVE-2006-3395 | | | PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX 3.5 allows remote attackers to execute arbitrary PH... |
| CVE-2006-3394 | | | SQL injection vulnerability in the files mod in index.php in BXCP 0.3.0.4 allows remote attackers to execute arbitrary S... |
| CVE-2006-3393 | | | Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and earlier, and 2003 Season 1.2.0.1 and earlier allo... |
| CVE-2006-3392 | | | Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote ... |
| CVE-2006-3391 | | | The Execute function in iMBCContents ActiveX Control before 2.0.0.59 allows remote attackers to execute arbitrary files ... |
| CVE-2006-3390 | | | WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as t... |
| CVE-2006-3386 | | | index.php in Vincent Leclercq News 5.2 allows remote attackers to obtain sensitive information, such as the installation... |
| CVE-2006-3388 | | | Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web scri... |
| CVE-2006-3387 | | | Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remot... |
| CVE-2006-3389 | | | index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an... |
| CVE-2006-3364 | | | SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execut... |
| CVE-2006-3359 | | | Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web s... |
| CVE-2006-3380 | | | Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 allows remote attackers to cause a denial of service... |
| CVE-2006-3368 | | | Efone 20000723 stores config.inc under the web document root with insufficient access control, which allows remote attac... |
