7 matches found
CVE-2009-1148
Directory traversal vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the filepath parameter $filename variable...
CVE-2009-1148
Directory traversal vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the filepath parameter $filename variable...
CVE-2009-1148
Directory traversal vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the filepath parameter $filename variable...
CVE-2009-1148
Directory traversal vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the filepath parameter $filename variable...
CVE-2009-1148
Directory traversal vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the filepath parameter $filename variable...
CVE-2009-1148
CVE-2009-1148 : phpMyAdmin before 3.1.3.1 contains a directory traversal in the BLOB streaming feature (bs_disp_as_mime_type.php) that allows remote attackers to read arbitrary files via the file_path parameter. Public data from Red Hat and openSUSE/Nessus/OpenVAS entries confirm this is a phpMyA...
HTTP Response Splitting and file inclusion vulnerability.
PMASA-2009-1 Announcement-ID: PMASA-2009-1 Date: 2009-03-24 Summary HTTP Response Splitting and file inclusion vulnerability. Description The BLOB streaming feature allowed attacker to include arbitrary files and inject HTTP headers using crafted URL parameters. Severity We consider this...