
432 matches found

CVE
added 2017/07/13 8:0 p.m. | 72 views

CVE-2017-1000015

CVE-2017-1000015 : phpMyAdmin versions 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack via crafted cookie parameters. The connected documents confirm the affected software and the underlying issue is a CSS injection triggered by cookie values; no exploit details or in‑the‑wild data are...

6.1 CVSS | 6.4 AI score | 0.00986 EPSS
Exploits 0 | References 2 | Affected Software 1
Debian CVE
added 2017/07/13 8:0 p.m. | 27 views

CVE-2017-1000015

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters...

6.1 CVSS | 6.6 AI score | 0.00986 EPSS
Exploits 0
OpenVAS
added 2017/02/07 12:0 a.m. | 93 views

phpMyAdmin 4.0.x < 4.0.10.19, 4.4.x < 4.4.15.10, 4.6.x < 4.6.6 Multiple Vulnerabilities - Linux

phpMyAdmin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...

8.8 CVSS | 7.1 AI score | 0.01943 EPSS
Exploits 0 | References 8
Tenable Nessus
added 2017/02/06 12:0 a.m. | 44 views

openSUSE Security Update : phpMyAdmin (openSUSE-2017-198)

This update to phpMyAdmin 4.4.15.10 fixes the following security issues : - CVE-2016-6621: Multiple vulnerabilities in setup script PMASA-2016-44 - Open redirect PMASA-2017-1 - CVE-2015-8980: php-gettext code execution PMASA-2017-2 - DOS vulnerability in table editing PMASA-2017-3 - CSS injection...

9.8 CVSS | 7.1 AI score | 0.06711 EPSS
Exploits 1 | References 3
Mageia
added 2017/02/03 9:39 p.m. | 42 views

Updated phpmyadmin packages fix security vulnerabilities

Multiple vulnerabilities in setup script CVE-2016-6621 / PMASA-2016-44. Open redirect PMASA-2017-1. php-gettext code execution CVE-2015-8980 / PMASA-2017-2. DOS vulnerability in table editing PMASA-2017-3. CSS injection in themes PMASA-2017-4. SSRF in replication PMASA-2017-6. DOS in replication...

9.8 CVSS | 9.9 AI score | 0.06711 EPSS
Exploits 1 | References 11
OSV
added 2017/02/03 9:39 p.m. | 8 views

MGASA-2017-0038 Updated phpmyadmin packages fix security vulnerabilities

Multiple vulnerabilities in setup script CVE-2016-6621 / PMASA-2016-44. Open redirect PMASA-2017-1. php-gettext code execution CVE-2015-8980 / PMASA-2017-2. DOS vulnerability in table editing PMASA-2017-3. CSS injection in themes PMASA-2017-4. SSRF in replication PMASA-2017-6. DOS in replication...

9.8 CVSS | 9.1 AI score | 0.06711 EPSS
Exploits 1 | References 12
OSV
added 2017/02/01 10:59 p.m. | 3 views

CVE-2016-8999

IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS...

5.4 CVSS | 5.8 AI score | 0.00717 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2017/01/25 12:0 a.m. | 50 views

FreeBSD : phpMyAdmin -- Multiple vulnerabilities (7721562b-e20a-11e6-b2e2-6805ca0b3d42)

The phpMyAdmin development team reports : Open redirect php-gettext code execution DOS vulnerability in table editing CSS injection in themes Cookie attribute injection attack SSRF in replication DOS in replication status %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text a...

9.8 CVSS | 7 AI score | 0.06711 EPSS
Exploits 1 | References 9
FreeBSD
added 2017/01/24 12:0 a.m. | 52 views

phpMyAdmin -- Multiple vulnerabilities

The phpMyAdmin development team reports: Open redirect php-gettext code execution DOS vulnerability in table editing CSS injection in themes Cookie attribute injection attack SSRF in replication DOS in replication status...

9.8 CVSS | 9.5 AI score | 0.06711 EPSS
Exploits 1 | References 7
phpMyAdmin
added 2017/01/24 12:0 a.m. | 47 views

CSS injection in themes

PMASA-2017-4 Announcement-ID: PMASA-2017-4 Date: 2017-01-24 Summary CSS injection in themes Description It was possible to cause CSS injection in themes by crafted cookie parameters. Severity We consider this to be non critical. Affected Versions All 4.6.x versions prior to 4.6.6, 4.4.x versions...

6.1 CVSS | 6.6 AI score | 0.00986 EPSS
Exploits 0 | Affected Software 1
WPVulnDB
added 2016/05/06 12:0 a.m. | 18 views

safe-editor <= 1.1 - Unauthenticated CSS/JS-injection

When saving JS/CSS in this plugin then both private and public ajax-hooks are being used. Because of this anyone can post JS/CSS that are saved to the db and printed to the head and footer portion of the page. PoC In the file "index.php" in root folder on line 188 and 189 you can see that both...

4.3 CVSS | 6.5 AI score | 0.01506 EPSS
Exploits 2 | References 1 | Affected Software 1
Packet Storm
added 2015/11/11 12:0 a.m. | 45 views

Checkpoint Cross Site Scripting

Exploit Title: Checkpoint.com sub-domains Reflected XSS RXSS Date: 12/11/2015 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.checkpoint.com Version: / Category: Reflected Cross Site Scripting Google dork: Tested on: checkpoint.com sub-domains Checkpoint description :...

7.4 AI score
Exploits 0
CNVD
added 2015/02/04 12:0 a.m. | 3 views

phpBB CSS Injection Vulnerability

phpBB is open-source web forum software developed in PHP by the phpBB Group. The software supports multiple languages, multiple databases, customizable layouts and so on. A CSS injection vulnerability exists in phpBB, which arises from the...

4.3 CVSS | 7.7 AI score | 0.02746 EPSS
Exploits 0 | References 1
Hacker One
added 2015/02/01 11:52 p.m. | 32 views

HackerOne: Vulnerability with the way \ escaped characters in <http://danlec.com> style links are rendered

Uh\ oh! Basic POC: Sequences like test\ are rendered as http://test Examples of what could be done with this: Obviously there's a whole variety of stuff that can be done when you can inject arbitrary HTML, even in spite of the CSP protection. We can put in elements we're not supposed to see above...

7 AI score
Exploits 0
Packet Storm
added 2014/12/22 12:0 a.m. | 86 views

eBay.com ocsnext CSS Injection

Exploit Title: eBay.com ocsnext sub-domain Reflected CSS injection Date: 20/12/2014 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.ebay.com Version: / Category: Reflected CSS injection Google dork: Tested on: eBay.com ocsnext sub-domain Adobe description :...

7.4 AI score
Exploits 0
RedHat Linux
added 2012/11/20 10:5 p.m. | 6 views

Mozilla: CSS and HTML injection through Style Inspector (MFSA 2012-104)

The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets CSS token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via ...

9.3 CVSS | 7.7 AI score | 0.03528 EPSS
Exploits 0 | References 5
seebug.org
added 2011/04/15 12:0 a.m. | 65 views

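Multiple remote vulnerabilities in MediaWiki versions before 1.16.3

Bugtraq ID: 47354 MediaWiki is a wiki engine released under the GPL license. MediaWiki contains multiple security vulnerabilities that allow malicious users to conduct cross-site scripting attacks and bypass some security restrictions. - The application does not properly prevent some browsers, such as Internet Explorer 6, from guessing the content type based on the end of the query URL, which can be exploited to inject and execute HTML and run arbitrary script code in the target user's browser. - Input passed through CSS comments is not filtered by the wikitext parser before being displayed to the user, which can be exploited to inject and execute HTML and run arbitrary script code in the target user's browser. - The transwiki import feature does not properly restrict access to form submission, which can be exploited to perform unauthorized imports of remote resources. ...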

6.9 AI score
Exploits 0
UbuntuCve
added 2011/03/11 10:55 p.m. | 28 views

CVE-2011-0161

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets CSS token sequences via a crafted web site...

4.3 CVSS | 5.9 AI score | 0.01655 EPSS
Exploits 0 | References 1
Prion
added 2011/03/11 10:55 p.m. | 15 views

Design/Logic Flaw

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets CSS token sequences via a crafted web site...

4.3 CVSS | 6.2 AI score | 0.01655 EPSS
Exploits 0 | References 7 | Affected Software 2
OSV
added 2011/03/11 10:55 p.m. | 1 views

UBUNTU-CVE-2011-0161

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets CSS token sequences via a crafted web site...

4.3 CVSS | 5.8 AI score | 0.01655 EPSS
Exploits 0 | References 2