CVE-2006-1258

The CVE-2006-1258 entry describes a Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 that allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. Connected sources consistently identify the affected component as phpMyAdmin, with the vulnerability ...

CVE-2006-1258

Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the settheme parameter...

[SA19277] phpMyAdmin "set_theme" Cross-Site Scripting

TITLE: phpMyAdmin "settheme" Cross-Site Scripting SECUNIA ADVISORY ID: SA19277 VERIFY ADVISORY: http://secunia.com/advisories/19277/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: phpMyAdmin 1.x http://secunia.com/product/1719/ phpMyAdmin 2.x...

phpmyadmin -- 'set_theme' Cross-Site Scripting

Secunia reports: A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "settheme" parameter isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTM...

phpMyAdmin 2.8.1 - Set_Theme Cross-Site Scripting

phpMyAdmin 2.8.1 - SetTheme Cross-Site Scripting source: https://www.securityfocus.com/bid/17142/info phpMyAdmin is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to hav...

phpMyAdmin 2.8.1 - Set_Theme Cross-Site Scripting

source: https://www.securityfocus.com/bid/17142/info phpMyAdmin is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser o...

SUSE-SA:2006:004: phpMyAdmin

The remote host is missing the patch for the advisory SUSE-SA:2006:004 phpMyAdmin. Stefan Esser discovered a bug in in the registerglobals emulation of phpMyAdmin that allowes to overwrite variables. An attacker could exploit the bug to ultimately execute code CVE-2005-4079. Additionally several...

phpMyAdminSQL.txt

phpMyAdmin serverprivileges.php SQL Injection Vulnerabilities. I. BACKGROUND phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. II. DESCRIPTION phpMyAdmin serverprivileges.php is prone to SQL Injection vulnerability. A remote attacker may execute...

CVE-2005-4450

Cross-site request forgery CSRF vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to serverprivileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown,...

CVE-2005-4450

CVE-2005-4450 describes a CSRF vulnerability in phpMyAdmin 2.7.0 where remote attackers can perform unauthorized actions as a logged-in user by exploiting a link or IMG tag to server_priv privileges.php using dbname and checkprivs. Related OSV/NVD entries also reference a tied SQL injection discu...

PT-2005-5133 · Php · Phpmyadmin

Name of the Vulnerable Software and Affected Versions: phpMyAdmin version 2.7.0 Description: A cross-site request forgery CSRF issue allows remote attackers to perform unauthorized actions as a logged-in user. This can be achieved via a link or IMG tag to "server privileges.php", utilizing the...

CVE-2005-4349

SQL injection vulnerability in serverprivileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the 1 dbname and 2 checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to...

CVE-2005-4349

SQL injection vulnerability in serverprivileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the 1 dbname and 2 checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to...

DEBIAN-CVE-2005-4349

SQL injection vulnerability in serverprivileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the 1 dbname and 2 checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to...

CVE-2005-4349

SQL injection vulnerability in serverprivileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the 1 dbname and 2 checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to...

CVE-2005-4349

SQL injection vulnerability in serverprivileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the 1 dbname and 2 checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to...

CVE-2005-4349

SQL injection vulnerability in serverprivileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the 1 dbname and 2 checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to...

CVE-2005-4349

CVE-2005-4349 : SQL injection in phpMyAdmin 2.7.0 is reported in server_privileges.php via the dbname and checkprivs parameters. The vendor/third party dispute the issue and suggest it may be rejected; a closely related CSRF issue is tracked as CVE-2005-4450. Connected sources confirm the presenc...

PT-2005-5035 · Phpmyadmin · Phpmyadmin

Name of the Vulnerable Software and Affected Versions: phpMyAdmin version 2.7.0 Description: A SQL injection issue allows remote authenticated users to execute arbitrary SQL commands via the dbname and checkprivs parameters in the server privileges.php file. However, the vendor and a third party...

phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.

phpMyAdmin serverprivileges.php SQL Injection Vulnerabilities. I. BACKGROUND phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. II. DESCRIPTION phpMyAdmin serverprivileges.php is prone to SQL Injection vulnerability. A remote attacker may execute...