| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 30171 | 2006-11-01 | phpMyAdmin error.php UTF-7 / US-ASCII XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. |
| 30129 | 2006-11-01 | Trac Unspecified CSRF | (Description Provided by CVE): ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-5878. Reason: This candidate is a duplicate of CVE-2006-5878. Notes: All CVE users should reference CVE-2006-5878 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. |
| 30174 | 2006-11-01 | Easy Address Book Web Server Crafted Request ADS Arbitrary File Access | (Description Provided by CVE): Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream. |
| 30172 | 2006-11-01 | TikiWiki Multiple Script Empty sort_mode Parameter MySQL Authentication Credential Disclosure | (Description Provided by CVE): Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages. |
| 30362 | 2006-11-01 | Netquery User-Agent HTTP Header XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. |
| 30170 | 2006-11-01 | Outpost Firewall \Device\SandBox DeviceIoControl Function Local DoS | (Description Provided by CVE): The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) allows local users to cause a denial of service (system crash) via an invalid argument to the DeviceIoControl function that triggers an invalid memory operation. |
| 30169 | 2006-11-01 | Cisco Security Agent Management Center (CSAMC) LDAP Authentication Bypass | Cisco Security Agent Management Center contains a flaw that may allow a malicious user to log in with administrative privileges. The issue is triggered when external LDAP authentication is used, and an attacker supplies a valid administrator name and zero-length password, which will result in a valid login due to a failure to handle an LDAP authentication error. It is possible that the flaw may allow unauthorized administrative access resulting in a loss of integrity. |
| 31963 | 2006-11-01 | Agora MysqlfinderAdmin.php _SESSION[PATH_COMPOSANT] Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter. |
| 30155 | 2006-11-01 | Microsoft Visual Studio WMI Object Broker ActiveX (WmiScriptUtils.dll) Unspecified Code Execution | (Description Provided by CVE): Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability." |
| 32622 | 2006-11-01 | Zend Google Data Client Library (ZendGData) Preview basedemo.php XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Data Client Library (ZendGData) Preview 0.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) basedemo.php and (2) calenderdemo.php in samples/, and other unspecified files. |
| 32623 | 2006-11-01 | Zend Google Data Client Library (ZendGData) Preview calenderdemo.php XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Data Client Library (ZendGData) Preview 0.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) basedemo.php and (2) calenderdemo.php in samples/, and other unspecified files. |
| 30090 | 2006-11-01 | SenseSites CommonSense CMS search.php date Parameter SQL Injection | (Description Provided by CVE): SQL injection vulnerability in search.php in SenseSites CommonSense CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the Date parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |