CVE-2007-4306

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the 1 unlimnumrows, 2 sqlquery, or 3 pos parameter to a tblexport.php; the 4 sessionmaxrows or 5 pos parameter to b sql.php; the 6 username parameter to c...

CVE-2007-4306

CVE-2007-4306 corresponds to multiple XSS vulnerabilities in phpMyAdmin 2.10.3. The affected component set includes: tbl_export.php (parameters unlim_num_rows, sql_query, pos), sql.php (session_max_rows, pos), server_privileges.php (username), and main.php (sql_query). The description notes that ...

CVE-2007-4306

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the 1 unlimnumrows, 2 sqlquery, or 3 pos parameter to a tblexport.php; the 4 sessionmaxrows or 5 pos parameter to b sql.php; the 6 username parameter to c...

phpMyAdmin multiple XSS vuln.

phpMyAdmin multiple XSS vuln. Vuln. discovered by : r0t Date: 10 August 2007 vendor:http://www.phpmyadmin.net/ orginal advisory: http://pridels-team.blogspot.com/2007/08/phpmyadmin-multiple-xss-vuln.html affected versions:2.10.3 latest stable version prior versions also can be affected. phpMyAdmi...

Information Disclosure from phpmyadmin

An information disclosure issue has been found in the phpmyadmin extension of TYPO3 that may give access to phpinfo information in special cases. The standalone version of phpmyadmin is not affected. Component Type: Third party extension. This extension is not part of the TYPO3 default...

Use the telnet method export, import, Forum mysql database-vulnerability warning-the black bar safety net

To 1. The method presented here is mainly applicable to VB and other forums. Use the TELNET method can be existing on the server database to export,then import this data to another server,use this method can achieve the Forum in two Server Migration; or the server existing on the forum moved to...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 allow remote attackers to execute arbitrary PHP code via a URL in 1 the path parameter to library/adodb/adodb.inc.php, 2 the abspatheditor parameter to library/editor/editor.php, or 3 the cfgfiletoload parameter to...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the fieldkey parameter to browseforeigners.php or 2 certain input to the PMAsanitize function...

CVE-2007-2245

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the fieldkey parameter to browseforeigners.php or 2 certain input to the PMAsanitize function...

DEBIAN-CVE-2007-2245

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the fieldkey parameter to browseforeigners.php or 2 certain input to the PMAsanitize function...

CVE-2007-2245

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the fieldkey parameter to browseforeigners.php or 2 certain input to the PMAsanitize function...

CVE-2007-2245

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the fieldkey parameter to browseforeigners.php or 2 certain input to the PMAsanitize function...

CVE-2007-2245

CVE-2007-2245 describes remote cross-site scripting (XSS) in phpMyAdmin prior to 2.10.1.0, enabling an attacker to inject arbitrary script/HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) input to the PMA_sanitize function. Connected docs confirm multiple advisories and Debian/...

CVE-2007-2245

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the fieldkey parameter to browseforeigners.php or 2 certain input to the PMAsanitize function...

dcp-portal v611 >> RFi

vendor :http://www.dcp-portal.org/ by : www.hackerz.ir userz .saeid 1- remote DCP/library/adodb/adodb.inc.php ==== includeonce$path; 2- remote DCP/library/editor/editor.php ===== include $abspatheditor."PropAccestring.php 3- local == DCP/admin/phpMyAdmin/libraries/common.lib.php ===...

phpMyAdmin 2.9.1 - Multiple Cross-Site Scripting Vulnerabilities

phpMyAdmin 2.9.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/23624/info phpMyAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...

phpMyAdmin 2.9.1 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/23624/info phpMyAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

XSS vulnerabilities

PMASA-2007-4 Announcement-ID: PMASA-2007-4 Date: 2007-04-24 Updated: 2007-05-17 Summary XSS vulnerabilities Description We received an advisory from Lukasz Plonka "sp3x" SecurityReason and we wish to thank him for his work. It was possible to trigger these attacks on various scripts due to...

XAMPP for Windows 1.6.0a - mssql_connect() Remote Buffer Overflow

XAMPP for Windows 1.6.0a - mssqlconnect Remote Buffer Overflow Connect$POST'host', $POST'user', $POST'password', $POST'database'; echo "DBServer: $POSTdbserver"; $result = $db-Execute"SELECT FROM $POSTtable"; ... mssqlconnect function is vulnerable to buffer overflow and the host argument is...

XAMPP for Windows <= 1.6.0a mssql_connect() Remote BoF Exploit

Exploit for unknown platform in category remote exploits ============================================================== XAMPP for Windows Connect$POST'host', $POST'user', $POST'password', $POST'database'; echo "DBServer: $POSTdbserver"; $result = $db-Execute"SELECT FROM $POSTtable";...