11 matches found
CVE-2007-5977
Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...
Gentoo Security Advisory GLSA 200903-32 (phpmyadmin)
The remote host is missing updates announced in advisory GLSA 200903-32. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Fedora Update for phpMyAdmin FEDORA-2007-3666
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for phpMyAdmin FEDORA-2007-3639
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
phpMyAdmin DB_Create.PHP多个输入验证漏洞
BUGTRAQ ID: 26512 CVE ID:CVE-2007-5976 CVE-2007-5977 CNCVE ID:CNCVE-20075977 phpMyAdmin是一款基于WEB的MySQL管理程序。 phpMyAdmin DBCreate.PHP存在多个输入验证问题,远程攻击者可以利用漏洞进行跨站脚本攻击,获得敏感信息。 问题是由于DBCreate.PHP对参数缺少充分过滤,提交恶意脚本代码作为参数数据,并诱使用户解析,可导致恶意脚本代码在目标用户浏览器上执行。 RedHat Fedora 7 0 phpMyAdmin phpMyAdmin 2.11.1 phpMyAdmi...
CVE-2007-5977
Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...
CVE-2007-5977
Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...
CVE-2007-5977
CVE-2007-5977 is an XSS vulnerability in phpMyAdmin (db_create.php) affecting versions before 2.11.2.1, where remote authenticated users with CREATE DATABASE privileges can inject script via a hex-encoded IMG in the db parameter of a POST request. Connected advisories note related issues in phpMy...
CVE-2007-5977
Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...
FreeBSD : phpmyadmin -- XSS vulnerability (2d2dcbb4-906c-11dc-a951-0016179b2dd5)
The DigiTrust Group reports : When creating a new database, a malicious user can use a client-side Web proxy to place malicious code in the db parameter of the POST request. Since dbcreate.php does not properly sanitize user-supplied input, an administrator could face a persistent XSS attack when...
XSS vulnerabilities
PMASA-2007-7 Announcement-ID: PMASA-2007-7 Date: 2007-11-11 Summary XSS vulnerabilities Description We received an advisory from Omer Singer, The DigiTrust Group, and we wish to thank him for his work. It was possible to create a malicious database name that contains XSS code. Our team fixed...