CVE-2010-2958

CVE-2010-2958 affects phpMyAdmin 3.x before 3.3.6. The vulnerability is a cross-site scripting (XSS) flaw in libraries/Error.class.php triggered by PHP backtrace/error messages, allowing remote attackers to inject arbitrary script/HTML. Exploitation details are documented in the CVE entry; the de...

CVE-2010-2958

Cross-site scripting XSS vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages aka debugging messages, a different vulnerability than CVE-2010-3056...

CVE-2010-2958

Cross-site scripting XSS vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages aka debugging messages, a different vulnerability than CVE-2010-3056...

phpMyAdmin setup.php Verbose Server Name XSS (PMASA-2010-7)

The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input to the 'verbose server name' field. A remote attacker could exploit this by tricking a user into executing arbitrary script code. %NASLMINLEVEL 70300 C Tenable...

XSS attack on setup script.

PMASA-2010-7 Announcement-ID: PMASA-2010-7 Date: 2010-09-08 Summary XSS attack on setup script. Description It was possible to conduct a XSS attack using spoofed request to setup script. Severity We consider this vulnerability to be non critical. Affected Versions For 3.x: versions before 3.3.7 a...

Mandriva Update for phpmyadmin MDVSA-2010:164 (phpmyadmin)

Check for the Version of phpmyadmin OpenVAS Vulnerability Test Mandriva Update for phpmyadmin MDVSA-2010:164 phpmyadmin Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

Mandriva Update for phpmyadmin MDVSA-2010:164 (phpmyadmin)

Check for the Version of phpmyadmin OpenVAS Vulnerability Test Mandriva Update for phpmyadmin MDVSA-2010:164 phpmyadmin Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

phpMyAdmin Debug Backtrace Cross Site Scripting Vulnerability

phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

phpMyAdmin 3.x < 3.3.6 XSS

Binary data 5652.prm...

[SECURITY] [DSA 2097-1] New phpmyadmin packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2097-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 29, 2010 http://www.debian.org/security/faq -...

Debian DSA-2097-1 : phpmyadmin - insufficient input sanitising

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-3055 The configuration setup script does not properly sanitise its output file, which allows...

phpMyAdmin Multiple Cross Site Scripting Vulnerabilities

phpMyAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

XSS attack using debugging messages.

PMASA-2010-6 Announcement-ID: PMASA-2010-6 Date: 2010-08-30 Summary XSS attack using debugging messages. Description It was possible to conduct a XSS attack using error messages in PHP backtrace. Severity We consider this vulnerability to be non critical. Mitigation factor Additional steps from...

phpMyAdmin 'CVE-2010-3055' Configuration File PHP Code Injection Vulnerability

phpMyAdmin is prone to a remote PHP code injection vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

[SECURITY] [DSA 2097-1] New phpmyadmin packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-2097-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 29, 2010 http://www.debian.org/security/faq -...

DSA-2097-1 phpmyadmin - several vulnerabilities

Bulletin has no description...

phpMyAdmin setup.php Arbitrary PHP Code Execution (PMASA-2010-4)

The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input before using it to generate a config file for the application. Submitting a specially crafted POST request can result in arbitrary PHP code injection. A remote...

CVE-2010-3056

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 dbsearch.php, 2 dbsql.php, 3 dbstructure.php, 4 js/messages.php, 5 libraries/common.lib.php, 6...

DEBIAN-CVE-2010-3056

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 dbsearch.php, 2 dbsql.php, 3 dbstructure.php, 4 js/messages.php, 5 libraries/common.lib.php, 6...

CVE-2010-3056

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 dbsearch.php, 2 dbsql.php, 3 dbstructure.php, 4 js/messages.php, 5 libraries/common.lib.php, 6...