26 matches found
SUSE CVE-2005-0992
Cross-site scripting XSS vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter...
SUSE CVE-2007-6100
Cross-site scripting XSS vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie authtype, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability...
CVE-2008-3197
Cross-site request forgery CSRF vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to 1 the db parameter in the "Creating a Database" functionality dbcreate.php, and 2 the convcharset and collationconnection parameters related...
phpMyAdmin 2.6.2 convcharset参数存在XSS漏洞
No description provided by source...
phpMyAdmin登录页面跨站脚本漏洞
BugCVE: CVE-2007-6100 BUGTRAQ: 26513 phpMyAdmin处理用户请求时存在输入验证漏洞,远程攻击者可能利用此漏洞在用户浏览器中执行恶意代码。 phpMyAdmin登录页面的index.php文件中没有验证对convcharset参数的输入,如果用户提交了恶意的URL请求的话就可能导致执行跨站脚本。 $ grep -n convcharset libraries/auth/cookie.auth.lib.php 48: @uses $GLOBALS'convcharset' 236: input type="hidden"...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to 1 the db parameter in the "Creating a Database" functionality dbcreate.php, and 2 the convcharset and collationconnection parameters related...
CVE-2008-3197
CVE-2008-3197 affects phpMyAdmin prior to 2.11.7.1, introducing a cross-site request forgery (CSRF) that enables unauthorized actions via links or image tags. The CSRF targets (1) the db parameter in the “Creating a Database” function (db_create.php) and (2) convcharset and collation_connection r...
Fedora 7 : phpMyAdmin-2.11.2.2-1.fc7 (2007-3666)
The login page authtype cookie was vulnerable to XSS via the convcharset parameter PMASA-2007-8. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
DEBIAN-CVE-2007-6100
Cross-site scripting XSS vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie authtype, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability...
CVE-2007-6100
Cross-site scripting XSS vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie authtype, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability...
CVE-2007-6100
Cross-site scripting XSS vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie authtype, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability...
phpMyAdmin登录页跨站脚本漏洞
phpMyAdmin是一款基于WEB的MySQL管理程序。 phpMyAdmin登录页不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行跨站脚本攻击,可获得敏感信息或未授权访问应用程序。 问题是登录页authtype cookie存在输入验证问题,通过提交恶意脚本代码作为convcharset参数数据,可导致恶意脚本代码在浏览器上执行,可获得敏感信息或未授权访问应用程序。 phpMyAdmin phpMyAdmin 2.11.1 phpMyAdmin phpMyAdmin 2.9.1 phpMyAdmin phpMyAdmin 2.9 rc1 phpMyAdmin...
XSS vulnerability
PMASA-2007-8 Announcement-ID: PMASA-2007-8 Date: 2007-11-20 Summary XSS vulnerability Description We received an advisory from Tim Brown, Nth Dimension, and we wish to thank him for his work. The login page authtype cookie was vulnerable to XSS via the convcharset parameter. Severity We consider...
phpmyadmin -- Cross Site Scripting
phpMyAdmin security announcement: The login page authtype cookie was vulnerable to XSS via the convcharset parameter. An attacker could use this to execute malicious code on the visitors computer...
DEBIAN-CVE-2007-0341
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than...
CVE-2007-0341
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than...
xss in phpmyadmin <= 2.8.1
although = v2.8.2 isn't vulnerable anymore, i still think this issue is important because phpmyadmin.net still offers 2.7.2-pl2 for download on their website and this is a vulnerable version. it's an xss bug that wasn't fixed properly reference:...
CVE-2005-0992
Cross-site scripting XSS vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter...
CVE-2005-0992
Cross-site scripting XSS vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter...
DEBIAN-CVE-2005-0992
Cross-site scripting XSS vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter...