19 matches found
EUVD-2019-4781
Malware in sbrugna...
EUVD-2006-5249
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-13274
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. CVE-2019-13274 Note that Nessu...
CVE-2024-5415 Cross-Site Scripting (XSS) vulnerability on PhpMyBackupPro
A vulnerability has been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/backup.php, 'comments' and 'db' parameters. This vulnerability could allow an attacker to create a specially crafted URL and send it to a victim to...
PT-2024-36073
Name of the Vulnerable Software and Affected Versions: PhpMyBackupPro version 2.3 Description: A vulnerability has been discovered that could allow an attacker to execute XSS through the "/phpmybackuppro/backup.php" API endpoint, using the comments and db parameters. This could allow an attacker ...
PhpMyBackupPro Cross-Site Scripting Vulnerability
PhpMyBackupPro is a very easy to use, free web-based MySQL backup application from the Chris Younger project. A cross-site scripting vulnerability exists in PhpMyBackupPro version 2.3, which stems from a cross-site scripting vulnerability in the comments, db parameter in /phpmybackuppro/backup.ph...
PT-2023-30680 · Unknown +1 · Cams Biometrics Zkteco +3
Name of the Vulnerable Software and Affected Versions: Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance aka odoo-biometric-attendance versions 13.0 through 16.0.1 Description: The issue allows a remote attacker to execute arbitrary code and gain privileges via t...
SUSE CVE-2008-4775
Cross-site scripting (XSS) vulnerability in pmdpdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and...
CVE-2008-3197
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (dbcreate.php), and (2) the convcharset and collationconnection parameters related...
CVE-2019-13274
In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter...
phpMyAdmin <= 3.3.0 'db' Parameter Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35531/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of a...
CVE-2011-5136
showImg.php in EPractize Labs Subscription Manager, possibly 1.0, allows remote attackers to overwrite arbitrary files via the db parameter...
DEBIAN-CVE-2008-4775
Cross-site scripting (XSS) vulnerability in pmdpdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and...
CVE-2008-4775
Cross-site scripting (XSS) vulnerability in pmdpdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (dbcreate.php), and (2) the convcharset and collationconnection parameters related...
DEBIAN-CVE-2007-5977
Cross-site scripting (XSS) vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...
Remote file inclusion
PHP remote file inclusion vulnerability in config.php in Built2Go PHP Link Portal 1.79 allows remote attackers to execute arbitrary PHP code via a URL in the fullpathtodb parameter...
DEBIAN-CVE-2007-1395
Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase end tag, which bypasses the protection...
PT-2000-1324 · Gossamer Threads · Gossamer Threads Dbman
Name of the Vulnerable Software and Affected Versions: Gossamer Threads DBMan version db.cgi Description: The issue allows remote attackers to view environmental variables and setup information. This is achieved by referencing a non-existing database in the db parameter. Recommendations: For...