74 matches found
CVE-2007-4370
| creationtimestamp | type | source |
|---|---|---|
| 2009-03-20 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/8253 |
| 2010-09-20 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/16694 |
| 2018-05-29 15:50:33+00:00 | seen | ... |
Debian DSA-1641-1 : phpmyadmin - several vulnerabilities
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administrate MySQL databases over the web. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2008-4096 Remote authenticated users could execute arbitrary code on the host running...
DEBIAN-CVE-2008-3197
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related...
CVE-2008-3197
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related...
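cPanel cross-site request forgery vulnerability
CVE(CAN) ID: CVE-2008-2043 cPanel is a web-based tool for automating the control of websites and servers. cPanel does not validate certain actions that users perform via HTTP requests, which allows remote attackers to use cross-site request forgery (XSRF) attacks to perform actions that only administrators can perform, including creating new databases and adding new users. cPanel 11.18.3 build ID 21703 Temporary workaround: Enable Referrer checking: 1. Navigate to Server configuration 2. Find Tweak Settings 3. Find Security in WebHost Manager 4. Select the checkbox and save the page Vendor patch: cPanel...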
CVE-2007-5977
Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...
phpmyadmin -- cross-site scripting vulnerability
The DigiTrust Group reports: When creating a new database, a malicious user can use a client-side Web proxy to place malicious code in the db parameter of the POST request. Since db_create.php does not properly sanitize user-supplied input, an administrator could face a persistent XSS attack when...
MySQL privilege elevation and security restrictions bypass vulnerability
Affected systems: MySQL AB MySQL = 5.1.10 Description: BUGTRAQ ID: 19559 MySQL is a very widely used open source relational database system, with versions running on a variety of platforms. In MySQL, have access but no permission to create users can be created with the Access database only the na...
CVE-2006-3861
IBM Informix Dynamic Server IDS before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases...
CVE-2006-3861
IBM Informix Dynamic Server (IDS) is affected by CVE-2006-3861. Affected versions are IDS 9.40.xC6 and earlier and 10.00.xC2/C1 before 9.40.xC7 and 10.00.xC3, where the product does not enforce database creation permissions. This allows remote authenticated users to create arbitrary databases, po...
[Full-disclosure] MySQL < 4.0.12 && MySQL <= 5.0.4 : Insecure tmp file handling
MySQL mysql_install_db data manipulation vendor: http://www.mysql.com advisory: http://www.zataz.net/adviso/mysql-05172005.txt vendor informed: yes exploit available: no MySQL contains a security flaw which could allow a malicious local attacker to inject arbitrary SQL commands during database creation...
mysql-server -- insecure temporary file creation
A Zataz advisory reports that MySQL contains a security flaw which could allow a malicious local user to inject arbitrary SQL commands during the initial database creation process. The problem lies in the mysql_install_db script which creates temporary files based on the PID used by the script...
File reading vulnerable in PHP and MySQL (Local Exploit)
Attacker can use PHP and mySQL to read some local file following this way: Create a database mySQL and upload this file to your server PHP Code: viewfile.php programmed by Luke ====================================================== ? // config this data $dbhost = ""; $dbuser = ""; $dbpasswd = "";...