8 matches found
Fedora Update for phpMyAdmin FEDORA-2008-6868
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
phpMyAdmin setup.php文件跨站脚本执行漏洞
BugCVE: CVE-2008-3456,CVE-2008-3457 BUGTRAQ: 30420 phpMyAdmin的scripts/setup.php文件中showoverview $title, $list, $buttons = ''函数没有正确地过滤685行echo $val1输入参数便返回给了用户,如果用户受骗跟随了恶意链接的话就会导致在用户浏览器会话中执行任意HTML和脚本代码。 phpMyAdmin 2.11.8 Debian ------ Debian已经为此发布了一个安全公告(DSA-1641-1)以及相应补丁: DSA-1641-1:New phpmyadmin...
Debian: Security Advisory (DSA-1641-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-1641-1 : phpmyadmin - several vulnerabilities
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administrate MySQL databases over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-4096 Remote authenticated users could execute arbitrary code on the host running...
[SECURITY] [DSA 1641-1] New phpmyadmin packages fix several issues
------------------------------------------------------------------------ Debian Security Advisory DSA-1641-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 20, 2008 http://www.debian.org/security/faq -...
CVE-2008-3457
Cross-site scripting XSS vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify...
CVE-2008-3457
CVE-2008-3457 is a user-assisted XSS in phpMyAdmin’s setup.php, exploitable only in rare scenarios where an attacker can modify config/config.inc.php. Multiple disclosures (Debian DSA-1641-1, OSV, openVAS entries) confirm the vulnerability in phpMyAdmin prior to 2.11.8. Remediation per sources is...
Cross-site Framing; XSS in setup.php
PMASA-2008-6 Announcement-ID: PMASA-2008-6 Date: 2008-07-28 Summary Cross-site Framing; XSS in setup.php Description We received two advisories from Aung Khant YGN Ethical Hacker Group, and we wish to thank him for his work. It was permitted to display phpMyAdmin's frames inside another page,...