CVE-2007-5976

SQL injection vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter...

CVE-2007-5977

Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...

DEBIAN-CVE-2007-5977

Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...

CVE-2007-5977

Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...

CVE-2007-5976

SQL injection vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter...

CVE-2007-5976

SQL injection vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter...

CVE-2007-5976

CVE-2007-5976 affects phpMyAdmin prior to 2.11.2.1. The vulnerability is an SQL injection in db_create.php that allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter. This can enable database modification or creation under the att...

CVE-2007-5977

Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...

CVE-2007-5977

CVE-2007-5977 is an XSS vulnerability in phpMyAdmin (db_create.php) affecting versions before 2.11.2.1, where remote authenticated users with CREATE DATABASE privileges can inject script via a hex-encoded IMG in the db parameter of a POST request. Connected advisories note related issues in phpMy...

[SECURITY] [DSA 1403-1] New phpmyadmin packages fix cross-site scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1403-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst November 8th, 2007 http://www.debian.org/security/faq -...

FreeBSD : phpmyadmin -- XSS vulnerability (2d2dcbb4-906c-11dc-a951-0016179b2dd5)

The DigiTrust Group reports : When creating a new database, a malicious user can use a client-side Web proxy to place malicious code in the db parameter of the POST request. Since dbcreate.php does not properly sanitize user-supplied input, an administrator could face a persistent XSS attack when...

XSS vulnerabilities

PMASA-2007-7 Announcement-ID: PMASA-2007-7 Date: 2007-11-11 Summary XSS vulnerabilities Description We received an advisory from Omer Singer, The DigiTrust Group, and we wish to thank him for his work. It was possible to create a malicious database name that contains XSS code. Our team fixed...

Debian DSA-1403-1 : phpmyadmin - missing input sanitising

Omer Singer of the DigiTrust Group discovered several vulnerabilities in phpMyAdmin, an application to administrate MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5589 phpMyAdmin allows a remote attacker to inject arbitrary web...

[SECURITY] [DSA 1403-1] New phpmyadmin packages fix cross-site scripting

-------------------------------------------------------------------------- Debian Security Advisory DSA 1403-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst November 8th, 2007 http://www.debian.org/security/faq -...

DSA-1403-1 phpmyadmin - cross-site scripting

Bulletin has no description...

Fedora 7 : phpMyAdmin-2.11.2-1.fc7 (2007-2738)

Mon Oct 29 2007 Mike McGrath 2.11.2-1 - upstream released new version - Mon Oct 22 2007 Mike McGrath 2.11.1.2-1 - upstream released new version - Thu Sep 6 2007 Mike McGrath 2.11.0-1 - Upstream released new version - Altered sources file as required - Added proper license - Mon Jul 23 2007 Mike...

[SECURITY] Fedora 7 Update: phpMyAdmin-2.11.2-1.fc7

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats a nd ...

CVE-2007-5589

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in 1 PHPSELF in a serverstatus.php, and b grabglobals.lib.php, c displaychangepassword.lib.php, and d common.lib.php in...

CVE-2007-5589

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in 1 PHPSELF in a serverstatus.php, and b grabglobals.lib.php, c displaychangepassword.lib.php, and d common.lib.php in...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in 1 PHPSELF in a serverstatus.php, and b grabglobals.lib.php, c displaychangepassword.lib.php, and d common.lib.php in...