6027 matches found
CVE-2008-3032
CVE-2008-3032 describes a Cross-site Scripting (XSS) vulnerability in the phpMyAdmin extension for TYPO3, affecting version 3.0.1 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected documents consistently reference the same ...
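phpMyAdmin Remote Cross-Site Scripting Vulnerability
CVE(CAN) ID: CVE-2008-2960 phpMyAdmin is a tool written in PHP for administering MySQL over the web. If PHP's register_globals setting is on and the server does not apply the settings of the .htaccess file in /libraries, a remote attacker can carry out a cross-site scripting attack by submitting a malicious request to phpMyAdmin, resulting in arbitrary code execution. phpMyAdmin 2.11.7 Vendor patch: phpMyAdmin ---------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...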
CVE-2008-2960
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/...
Cross site scripting
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/...
CVE-2008-2960
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/...
CVE-2008-2960
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/...
DEBIAN-CVE-2008-2960
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/...
CVE-2008-2960
CVE-2008-2960 is a cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7 that occurs when register_globals is enabled and .htaccess support is disabled. It allows remote attackers to inject arbitrary web script or HTML via scripts in libraries/. The connected documents confirm the ...
CVE-2008-2960
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/...
CVE-2008-2960
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/...
FreeBSD : phpmyadmin -- XSS Vulnerabilities (e285a1f4-4568-11dd-ae96-0030843d3802)
Secunia report: Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be...
Cross Site Scripting vulnerability in extension phpmyadmin
It has been discovered that the extension phpmyadmin is susceptible to Cross Site Scripting (XSS) attacks. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 3.0.1 and all versions below. Vulnerability Type: Cross Site...
Fedora 8 : phpMyAdmin-2.11.7-1.fc8 (2008-5640)
"This update solves PMASA-2008-4 phpMyAdmin security announcement from 2008-06-23: XSS on plausible insecure PHP installation; see http://www.phpmyadmin.net/homepage/security.php?issue=PMASA-2008-4 - interface New field cannot be auto-increment and primary key - dbi Incorrect interpretation for...
Fedora 9 : phpMyAdmin-2.11.7-1.fc9 (2008-5676)
"This update solves PMASA-2008-4 phpMyAdmin security announcement from 2008-06-23: XSS on plausible insecure PHP installation; see http://www.phpmyadmin.net/homepage/security.php?issue=PMASA-2008-4 - interface New field cannot be auto-increment and primary key - dbi Incorrect interpretation for...
[SECURITY] Fedora 9 Update: phpMyAdmin-2.11.7-1.fc9
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...
[SECURITY] Fedora 8 Update: phpMyAdmin-2.11.7-1.fc8
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...
phpmyadmin -- Cross Site Scripting Vulnerabilities
Secunia report: Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be...
GLSA-200805-02 : phpMyAdmin: Information disclosure
The remote host is affected by the vulnerability described in GLSA-200805-02 phpMyAdmin: Information disclosure Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Impact : A remote attacker with CREATE TABLE...
[ GLSA 200805-02 ] phpMyAdmin: Information disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200805-02 http://security.gentoo.org/ ...
phpMyAdmin: Information disclosure
Background: phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description: Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Impact: A remote attack...