6027 matches found
CVE-2009-1148
CVE-2009-1148: phpMyAdmin before 3.1.3.1 contains a directory traversal in the BLOB streaming feature (bs_disp_as_mime_type.php) that allows remote attackers to read arbitrary files via the file_path parameter. Public data from Red Hat and openSUSE/Nessus/OpenVAS entries confirm this is a phpMyA...
CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...
CVE-2009-1150
Multiple cross-site scripting (XSS) vulnerabilities in the export page (displayexport.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pmadbfilenametemplate cookie...
CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
phpMyAdmin Code Injection and XSS Vulnerability
phpMyAdmin is prone to a remote PHP code-injection vulnerability and to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier...
phpMyAdmin BLOB Streaming Multiple Input Validation Vulnerabilities
phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTTP response-splitting vulnerability and a local file-include vulnerability.
[SECURITY] Fedora 9 Update: phpMyAdmin-3.1.3.1-1.fc9
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...
phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
Description: phpMyAdmin is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks...
FreeBSD : phpmyadmin -- insufficient output sanitizing when generating configuration file (06f9174f-190f-11de-b2f0-001c2514716c)
phpMyAdmin reports: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...
PT-2009-1127 · Phpmyadmin · Phpmyadmin
Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 2.11.x through 2.11.9.4; phpMyAdmin versions 3.x through 3.1.3.0. Description: The issue is related to a static code injection vulnerability in the setup.php file of phpMyAdmin. This vulnerability allows remote attackers to...
phpmyadmin -- insufficient output sanitizing when generating configuration file
phpMyAdmin reports: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...
Insufficient output sanitizing when generating configuration file.
Announcement-ID: PMASA-2009-3. Date: 2009-03-24. Summary: Insufficient output sanitizing when generating configuration file. Description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...
Cross-site scripting on export page using cookies.
Announcement-ID: PMASA-2009-2. Date: 2009-03-24. Summary: Cross-site scripting on export page using cookies. Description: Export page uses cookies to remember user settings of file name template. These cookies could be used for cross-site scripting because they were not sanitized...
phpMyAdmin Multiple Input Validation Vulnerabilities
phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities.
phpMyAdmin DB_Create.PHP Multiple Input Validation Vulnerabilities
phpMyAdmin is prone to multiple input-validation vulnerabilities, including a cross-site scripting and a SQL-injection issue.
Gentoo Security Advisory GLSA 200903-32 (phpmyadmin)
The remote host is missing updates announced in advisory GLSA 200903-32. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
Gentoo Security Advisory GLSA 200903-32 (phpmyadmin)
The remote host is missing updates announced in advisory GLSA 200903-32. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
GLSA-200903-32 : phpMyAdmin: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200903-32 (phpMyAdmin: Multiple vulnerabilities). Multiple vulnerabilities have been reported in phpMyAdmin: libraries/databaseinterface.lib.php in phpMyAdmin allows remote authenticated users to execute arbitrary code via a request ...
phpMyAdmin: Multiple vulnerabilities
Background: phpMyAdmin is a web-based management tool for MySQL databases. Description: Multiple vulnerabilities have been reported in phpMyAdmin: libraries/databaseinterface.lib.php in phpMyAdmin allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with ...
Default credentials
XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included...