CVE-2006-5117

phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...

CVE-2006-5116

CVE-2006-5116 affects phpMyAdmin prior to 2.9.1-rc1, with multiple CSRF vulnerabilities that allow remote attackers to perform actions as another user by (1) setting a token in the URL via dynamic variable evaluation and (2) unsetting arbitrary variables through $_REQUEST. Affected components inc...

CVE-2006-5117

CVE-2006-5117 concerns phpMyAdmin prior to 2.9.1-rc1, where a libraries directory under the web document root had insufficient access control, enabling remote attackers to obtain sensitive information via direct requests for certain files. Several connected advisories confirm the issue and docume...

CVE-2006-5117

phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...

CVE-2006-5116

Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...

[Full-disclosure] Advisory 07/2006: phpMyAdmin Multiple CSRF Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: phpMyAdmin Multiple CSRF Vulnerabilities Release Date: 2006/10/01 Last Modified: 2006/10/01 Author: Stefan Esser [email protected] Application: phpMyAdmin = 2.9.0...

FreeBSD : phpmyadmin -- CSRF vulnerabilities (19b17ab4-51e0-11db-a5ae-00508d6a62df)

phpMyAdmin team reports : We received a security advisory from Stefan Esser [email protected] and we wish to thank him for his work. It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link. %NASLMINLEVEL 70300 C Tenable Network Security, In...

XSRF (Cross Site Request Forgery) vulnerabilities

PMASA-2006-5 Announcement-ID: PMASA-2006-5 Date: 2006-10-01 Summary XSRF Cross Site Request Forgery vulnerabilities Description We received a security advisory from Stefan Esser [email protected] and we wish to thank him for his work. It was possible to inject arbitrary SQL commands by...

phpMyAdmin < 2.9.1-rc1 Multiple Vulnerabilities

Binary data 3756.prm...

phpmyadmin -- XSRF vulnerabilities

phpMyAdmin team reports: We received a security advisory from Stefan Esser [email protected] and we wish to thank him for his work. It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link...

phpMyAdmin 2.x - db_operations.php Multiple Cross-Site Scripting Vulnerabilities

phpMyAdmin 2.x - dboperations.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and...

phpMyAdmin 2.x - sql.php?pos Cross-Site Scripting

phpMyAdmin 2.x - sql.php?pos Cross-Site Scripting source: https://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. An...

phpMyAdmin 2.x - querywindow.php Multiple Cross-Site Scripting Vulnerabilities

phpMyAdmin 2.x - querywindow.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and...

phpMyAdmin 2.x - db_create.php?db Cross-Site Scripting

phpMyAdmin 2.x - dbcreate.php?db Cross-Site Scripting source: https://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities...

phpMyAdmin 2.x - Multiple Script Array Handling Full Path Disclosures

phpMyAdmin 2.x - Multiple Script Array Handling Full Path Disclosures source: https://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure...

phpMyAdmin 2.x - &#039;querywindow.php&#039; Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. An attacker could exploit these vulnerabilities to vi...

phpMyAdmin 2.x - &#039;db_create.php?db&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. An attacker could exploit these vulnerabilities to vi...

phpMyAdmin 2.x - &#039;db_operations.php&#039; Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. An attacker could exploit these vulnerabilities to vi...

phpMyAdmin 2.x - Multiple Script Array Handling Full Path Disclosures

source: https://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. An attacker could exploit these vulnerabilities to vi...

phpMyAdmin 2.x - &#039;sql.php?pos&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. An attacker could exploit these vulnerabilities to vi...