6027 matches found
CVE-2007-0204
CVE-2007-0204 : Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. This entry is supported by multiple sources in the provided documents (e.g., SUSE, NVD, PRION, UB, OSV, Debian,...
CVE-2007-0203
CVE-2007-0203 affects phpMyAdmin before 2.9.2-rc1 with multiple unspecified vulnerabilities and unknown impact/attack vectors. The NVD entry lists a HIGH base score (CVSS v2: AV:N/AC:L/Au:N/C:C/I:C/A:C; 10.0) but the connected documents do not provide concrete root-cause details, affected compone...
PHPMyAdmin < 2.9.2-rc2 Multiple Vulnerabilities
Binary data 3882.prm...
CVE-2007-0095
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblueorange/layout.inc.php, which reveals the path in an error message...
CVE-2007-0095
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblueorange/layout.inc.php, which reveals the path in an error message...
Information disclosure
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblueorange/layout.inc.php, which reveals the path in an error message...
CVE-2007-0095
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblueorange/layout.inc.php, which reveals the path in an error message...
DEBIAN-CVE-2007-0095
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblueorange/layout.inc.php, which reveals the path in an error message...
CVE-2007-0095
phpMyAdmin 2.9.1.1 contained an information disclosure via a direct request to themes/darkblue_orange/layout.inc.php, exposing the installation path in an error message. Root cause: error handling reveals server path information. Impact: partial confidentiality loss. Remediation: apply the Fedora...
CVE-2007-0095
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblueorange/layout.inc.php, which reveals the path in an error message...
CVE-2007-0095
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblueorange/layout.inc.php, which reveals the path in an error message...
phpMyAdmin多个CSRF漏洞
phpMyAdmin是一款流行的基于web的管理MySQL数据库程序。 phpMyAdmin存在跨站请求伪造问题,远程攻击者可以利用漏洞利用CSRF攻击诱使phpMyAdmin用户在目标数据库服务器上执行任意sql查询。 phpMyAdmin使用在用户会话中存储随机token来保护跨站请求伪造,CSRF意思是web站点诱使浏览用户浏览器针对其他站点发送http请求。在phpMyAdmin中的CSRF意味着其他站点可以诱使phpMyAdmin用户的浏览器发送任意sql查询到自身的数据库。 phpMyAdmin由于如下问题而可导致绕过CSRF的保护: --Token验证:...
phpMyAdminexport.php文件泄露漏洞
phpMyAdmin是一个免费工具,为管理MySQL提供了一个WWW管理接口。phpMyAdmin包含的'export.php'脚本对用户提交参数缺少充分过滤,远程攻击者可以利用这个漏洞进行目录遍历攻击。phpMyAdmin包含的'export.php'脚本对用户提交给'what'的参数缺少充分过滤,远程攻击者提交包含多个'../'字符的数据,可绕过WEB ROOT限制,以WEB权限查看系统上的任意文件信息。 phpMyAdmin2.5-2.5.5-pl1 phpMyAdmin...
phpMyAdmin多个HTTP响应拆分漏洞
phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。 phpMyAdmin的多个脚本存在HTTP响应拆分漏洞,允许攻击者更改HTTP响应头结构,导致破坏Web缓存、劫持页面或执行跨站脚本。 问题存在于phpMyAdmin的以下文件中: /css/phpmyadmin.css.php /dbcreate.php /index.php /left.php /libraries/session.inc.php /libraries/transformations/overview.php /querywindow.php /serverengines.php...
CVE-2006-6373
PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message...
CVE-2006-6373
PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message...
CVE-2006-6374
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in 1 css/phpmyadmin.css.php, 2 dbcreate.php, 3 index.php, 4 left.php, 5...
CVE-2006-6373
PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message...
DEBIAN-CVE-2006-6373
PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message...
CVE-2006-6374
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in 1 css/phpmyadmin.css.php, 2 dbcreate.php, 3 index.php, 4 left.php, 5...