6027 matches found
CVE-2007-5589
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in...
DEBIAN-CVE-2007-5589
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in...
CVE-2007-5589
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in...
CVE-2007-5589
CVE-2007-5589 is a cross-site scripting vulnerability in phpMyAdmin affecting versions prior to a patched release (noted in multiple advisories). The vulnerability arises from input echoed via PHP_SELF and PATH_INFO in several files inside libraries/ and common.inc.php (and possibly via REQUEST_U...
CVE-2007-5589
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in...
WWWISIS <= 7.1 (IsisScript) Multiple Vulnerabilities
Hi, phpMyAdmin version 2.11.1.1 was released to fix this, along with a security announcement: http://www.phpmyadmin.net/homepage/security.php?issue=PMASA-2007-5 which contains a mitigating factor: "We could only trigger it when using Internet Explorer with the 'send URLs as UTF8' setting disabled...
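phpMyAdmin setup.php Cross-Site Scripting Vulnerability
BUGTRAQ ID: 26020 phpMyAdmin is a tool written in PHP for administering MySQL over the web. The setup.php file in phpMyAdmin does not properly validate certain user-supplied input parameters, allowing remote attackers to conduct cross-site scripting attacks by submitting malicious URI requests. phpMyAdmin phpMyAdmin 2.11.1 The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...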
about phpMyAdmin setup.php XSS vulnerability
Hi, phpMyAdmin version 2.11.1.1 was released to fix this, along with a security announcement: http://www.phpmyadmin.net/homepage/security.php?issue=PMASA-2007-5 which contains a mitigating factor: "We could only trigger it when using Internet Explorer with the 'send URLs as UTF8' setting disabled...
FreeBSD : phpmyadmin -- XSS vulnerability (498a8731-7cfc-11dc-96e6-0012f06707f0)
The DigiTrust Group discovered serious XSS vulnerability in the phpMyAdmin serverstatus.php script. According to their report vulnerability can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. (C) Tenable Network...
phpMyAdmin 2.11.1 - Server_Status.php Cross-Site Scripting
phpMyAdmin 2.11.1 - ServerStatus.php Cross-Site Scripting source: https://www.securityfocus.com/bid/26301/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script cod...
openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-1611)
Missing checks of the 'db' parameter could be exploited for cross site scripting attacks (CVE-2006-2417). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update phpMyAdmin-1611. The text description of...
FreeBSD : phpmyadmin -- XSS vulnerability (51b51d4a-7c0f-11dc-9e47-0011d861d5e2)
SecurityFocus reports : phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-2340)
The previous phpMyAdmin update accidentally renamed the config file and moved it into a different directory. This update corrects this erroneous behavior. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...
openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-2300)
This patch upgrades the phpMyAdmin package to version 2.9.1.1, including fixes for the security problems tracked by the Mitre CVE IDs CVE-2006-3388, CVE-2006-5116, CVE-2006-5117, and CVE-2006-5718. (C) Tenable Network Security, Inc. The descriptive text and package checks in thi...
openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-1581)
Missing checks of the 'db' and 'theme' parameters could be exploited for cross site scripting attacks (CVE-2006-2417, CVE-2006-2418). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
phpMyAdmin 2.11.1 - 'Server_Status.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/26301/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-3990)
Multiple bugs in phpMyAdmin could lead to cross-site-scripting (XSS) attacks, injection of JavaScript code or to crashing the php interpreter. (CVE-2007-1325, PMASA-2007-1, PMASA-2007-2, PMASA-2007-3, PMASA-2007-4) (C) Tenable Network Security, Inc. The descriptive text and package...
XSS vulnerabilities
PMASA-2007-6 Announcement-ID: PMASA-2007-6 Date: 2007-10-17 Updated: 2007-10-24 Summary XSS vulnerabilities Description We received an advisory from Omer Singer, The DigiTrust Group, and we wish to thank him for his work. It was possible to trigger this attack on serverstatus.php. Our team fixed...
XSS vulnerability
PMASA-2007-5 Announcement-ID: PMASA-2007-5 Date: 2007-10-15 Summary XSS vulnerability Description We received an advisory from Omer Singer, The DigiTrust Group, and we wish to thank him for his work. It was possible to trigger this attack on setup.php. Severity We consider this vulnerability to b...
CVE-2007-5386
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...