GLSA-200512-03 : phpMyAdmin: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200512-03 phpMyAdmin: Multiple vulnerabilities Stefan Esser from Hardened-PHP reported about multiple vulnerabilities found in phpMyAdmin. The $GLOBALS variable allows modifying the global variable importblacklist to open phpMyAdm...

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Stefan Esser from Hardened-PHP reported about multiple vulnerabilties found in phpMyAdmin. The $GLOBALS variable allows modifying the global variable importblacklist to open...

DEBIAN-CVE-2005-3665

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPHOST variable and 2 various scripts in the libraries directory that handle header generation...

CVE-2005-3665

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPHOST variable and 2 various scripts in the libraries directory that handle header generation...

CVE-2005-3665

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPHOST variable and 2 various scripts in the libraries directory that handle header generation...

CVE-2005-3665

phpMyAdmin (before 2.7.0) is affected by CVE-2005-3665, with multiple XSS vulnerabilities exploitable via the HTTP_HOST variable and header-generation scripts in libraries. Connected advisories (Debian DSA-1207-1/DSA-1207-2 and Gentoo/OpenVAS entries) reference this CVE among several in phpMyAdmi...

CVE-2005-3665

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPHOST variable and 2 various scripts in the libraries directory that handle header generation...

CVE-2005-3665

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPHOST variable and 2 various scripts in the libraries directory that handle header generation...

CVE-2005-4079

The registerglobals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the importblacklist variable in grabglobals.php, which can then be used to overwrite other variables...

CVE-2005-4079

The registerglobals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the importblacklist variable in grabglobals.php, which can then be used to overwrite other variables...

CVE-2005-4079

The registerglobals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the importblacklist variable in grabglobals.php, which can then be used to overwrite other variables...

CVE-2005-4079

CVE-2005-4079 affects phpMyAdmin 2.7.0 rc1 via register_globals emulation: an attacker can modify import_blacklist in grab_globals.php to overwrite other variables, potentially leading to remote code execution or file inclusion in vulnerable setups. Several advisories note this as part of multipl...

CVE-2005-4079

The registerglobals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the importblacklist variable in grabglobals.php, which can then be used to overwrite other variables...

Advisory 25/2005: phpMyAdmin Variables Overwrite Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: phpMyAdmin Variable Overwrite Vulnerability Release Date: 2005/12/07 Last Modified: 2005/12/07 Author: Stefan Esser [email protected] Application: phpMyAdmin 2.7.0-rc1...

phpMyAdmin < 2.7.0-pl1 Global Variable Overwrite

Binary data 3319.prm...

Cross-Site Scripting, local and remote code execution vulnerabilities

PMASA-2005-9 Announcement-ID: PMASA-2005-9 Date: 2005-12-07 Summary Cross-Site Scripting, local and remote code execution vulnerabilities Description Two days after the release of version 2.7.0, we received a security advisory from Stefan Esser [email protected] and we wish to thank him for...

phpmyadmin -- register_globals emulation "import_blacklist" manipulation

Secunia reports: Stefan Esser has reported a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a vulnerable system. The vulnerability is caused due to an error in the registerglobals...

phpmyadmin -- XSS vulnerabilities

A phpMyAdmin security advisory reports: It was possible to conduct an XSS attack via the HTTPHOST variable; also, some scripts in the libraries directory that handle header generation were vulnerable to XSS...

CVE-2004-2632

CVE-2004-2632 concerns phpMyAdmin versions 2.5.1 through 2.5.7. The vulnerability allows remote attackers to modify configuration settings using tampered $cfg['Servers'] variables, resulting in unauthorized access to MySQL servers. This is described in the CVE entry and corroborated by multiple s...

CVE-2004-2632

phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg'Servers' variables...