6027 matches found
CVE-2006-5718
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter...
DEBIAN-CVE-2006-5718
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter...
CVE-2006-5718
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter...
CVE-2006-5718
CVE-2006-5718 is an XSS vulnerability in phpMyAdmin (versions 2.6.4–2.9.0.2) where UTF-7/US-ASCII data injected into error.php could be reflected in error messages. The issue affects phpMyAdmin installations using those versions; SUSE/NASL advisories note a patched package upgrading to 2.9.1.1 th...
CVE-2006-5718
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter...
CVE-2006-5718
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter...
Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability
Hardened-PHP Project (www.hardened-php.net) Security Advisory. Advisory: phpMyAdmin - error.php XSS Vulnerability. Release Date: 2006/11/02. Last Modified: 2006/11/02. Author: Stefan Esser [email protected]. Application: phpMyAdmin = 2.9.0.2...
[Full-disclosure] Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability
Hardened-PHP Project (www.hardened-php.net) Security Advisory. Advisory: phpMyAdmin - error.php XSS Vulnerability. Release Date: 2006/11/02. Last Modified: 2006/11/02. Author: Stefan Esser [email protected]. Application: phpMyAdmin = 2.9.0.2...
XSS vulnerability
PMASA-2006-6. Announcement-ID: PMASA-2006-6. Date: 2006-11-01. Summary: XSS vulnerability. Description: We received a security advisory from Stefan Esser [email protected] and we wish to thank him for his work. It was possible to produce XSS via a special URL containing UTF-7 codes. Severity: We...
Debian DSA-880-1 : phpmyadmin - several vulnerabilities
Several cross-site scripting vulnerabilities have been discovered in phpmyadmin, a set of PHP-scripts to administrate MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-2869: Andreas Kerber and Michal Cihar discovered several...
phpMyAdmin < 2.9.1 Multiple Vulnerabilities
The version of phpMyAdmin installed on the remote host allows an unauthenticated attacker to bypass variable blacklisting in its globalization routine and destroy, for example, the contents of session variables.
CVE-2006-5117
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...
CVE-2006-5116
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL through dynamic variable evaluation and (2) unsetting arbitrary variables via the REQUEST array,...
CVE-2006-5116
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL through dynamic variable evaluation and (2) unsetting arbitrary variables via the REQUEST array,...
CVE-2006-5117
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...
CVE-2006-5116
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL through dynamic variable evaluation and (2) unsetting arbitrary variables via the REQUEST array,...
DEBIAN-CVE-2006-5116
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL through dynamic variable evaluation and (2) unsetting arbitrary variables via the REQUEST array,...
CVE-2006-5117
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...
DEBIAN-CVE-2006-5117
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...
CVE-2006-5116
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL through dynamic variable evaluation and (2) unsetting arbitrary variables via the REQUEST array,...