CVE-2006-6374
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) dbcreate.php, (3) index.php, (4) left.php, (5)...
CVE-2006-6373
PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message...
CVE-2006-6373
CVE-2006-6373 affects PhpMyAdmin 2.7.0-pl2. The vulnerability allows remote attackers to obtain sensitive information by requesting libraries/common.lib.php, which causes an error message that reveals the installation path. The available sources describe the issue as an information disclosure via...
CVE-2006-6374
The CVE-2006-6374 vulnerability affects PhpMyAdmin 2.7.0-pl2, with multiple CRLF injection flaws enabling HTTP header injection and response splitting via CRLF sequences in a PhpMyAdmin cookie. Affected components include css/phpmyadmin.css.php, db_create.php, index.php, left.php, libraries/sessi...
PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting
Title : PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting Vulnerability Author : ajann Contact : : Tested : Just 2.7.0-pl2 CRLF------------------------------------------------------ Files---- /css/phpmyadmin.css.php /dbcreate.php /index.php /left.php...
CVE-2006-6258
The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting (XSS) attack...
CVE-2006-6258
Affected software: AlternC 0.9.5 and earlier. Issue: the phpmyadmin subsystem transmits the SQL password in cleartext in a cookie, allowing potential exposure through network sniffing or a cross-site scripting (XSS) attack. Consequences: complete confidentiality and integrity impacts (per CVSS). ...
Debian DSA-1207-2 : phpmyadmin - several vulnerabilities
The phpmyadmin update in DSA 1207 introduced a regression. This update corrects this flaw. For completeness, please find below the original advisory text : Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities a...
[SECURITY] [DSA 1207-2] New phpmyadmin packages fix regression
-------------------------------------------------------------------------- Debian Security Advisory DSA 1207-2 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 19th, 2006 http://www.debian.org/security/faq -...
phpmyadmin.txt
vendor site:http://phpmyadmin.net/ product:PhpMyAdmin all version bug: xss permanent & full path disclosure global risk:high xss post : 1 create a table , with whatever name , when it's done , go to "operation" /dboperations.php and add a comment on your table with: '"alertdocument.cookie the...
Path disclosure vulnerability
PMASA-2006-8 Announcement-ID: PMASA-2006-8 Date: 2006-11-17 Summary Path disclosure vulnerability Description We received a security advisory from laurent gaffié and we wish to thank him for his work. It was possible to disclose path by passing an array to several parameters. Severity We consider...
Bad IP Allow/Deny checking
PMASA-2006-9 Announcement-ID: PMASA-2006-9 Date: 2006-11-17 Summary Bad IP Allow/Deny checking Description We received a security advisory from Christian Schmidt, Peytz & Co. and we wish to thank him for his work. It was possible to get around IP-based Allow/Deny checking by faking proxy headers...
PhpMyAdmin all version [multiples vulnerability]
vendor site:http://phpmyadmin.net/ product:PhpMyAdmin all version bug: xss permanent & full path disclosure global risk:high xss post : 1 create a table , with whatever name , when it's done , go to "operation" /dboperations.php and add a comment on your table with:...
[SECURITY] [DSA 1207-1] New phpmyadmin packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1207-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 9th, 2006 http://www.debian.org/security/faq -...
DSA-1207-1 phpmyadmin
Bulletin has no description...
DEBIAN-CVE-2006-5718
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter...