6026 matches found
CVE-2005-0567
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the 1 theme parameter to phpmyadmin.css.php or 2 cfgServerextension parameter to databaseinterface.lib.php to reference a URL on a remote web server that contai...
DEBIAN-CVE-2005-0544
phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to 1 sqlvalidator.lib.php, 2 sqlparser.lib.php, 3 selecttheme.lib.php, 4 selectlang.lib.php, 5 relationcleanup.lib.php, 6 headermetastyle.inc.php, 7 getforeign.lib.php, 8 displaytbllinks.lib.php, 9...
CVE-2005-0459
phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to selectlang.lib.php, which reveals the path in a PHP error message...
DEBIAN-CVE-2005-0567
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the 1 theme parameter to phpmyadmin.css.php or 2 cfgServerextension parameter to databaseinterface.lib.php to reference a URL on a remote web server that contai...
CVE-2005-0567
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the 1 theme parameter to phpmyadmin.css.php or 2 cfgServerextension parameter to databaseinterface.lib.php to reference a URL on a remote web server that contai...
CVE-2005-0567
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the 1 theme parameter to phpmyadmin.css.php or 2 cfgServerextension parameter to databaseinterface.lib.php to reference a URL on a remote web server that contai...
GLSA-200504-30 : phpMyAdmin: Insecure SQL script installation
"The remote host is affected by the vulnerability described in GLSA-200504-30 phpMyAdmin: Insecure SQL script installation The phpMyAdmin installation process leaves the SQL install script with insecure permissions. Impact : A local attacker could exploit this vulnerability to obtain the initial...
[Full-disclosure] [ GLSA 200504-30 ] phpMyAdmin: Insecure SQL script installation
Gentoo Linux Security Advisory GLSA 200504-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
phpMyAdmin: Insecure SQL script installation
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. phpMyAdmin uses a pma MySQL user to control the linked-tables infrastructure. The SQL install script sets the initial password for the pma user. Description The phpMyAdmin...
phpMyAdmin262XSS.txt
========================================================== Title: phpMyAdmin Cross-site Scripting Vulnerability Application: phpMyAdmin Vendor: http://www.phpmyadmin.net Vulnerable Versions: References: http://www.arrelnet.com/advisories/adv20050403.html...
XAMPP - Insecure Default Password Disclosure
source: https://www.securityfocus.com/bid/13131/info An insecure default password disclosure vulnerability affects XAMPP. This issue is due to a failure of the application to properly secure access to default passwords. An attacker may leverage this issue to gain access to the default passwords f...
XAMPP - Insecure Default Password Disclosure
XAMPP - Insecure Default Password Disclosure source: https://www.securityfocus.com/bid/13131/info An insecure default password disclosure vulnerability affects XAMPP. This issue is due to a failure of the application to properly secure access to default passwords. An attacker may leverage this...
GLSA-200504-08 : phpMyAdmin: XSS vulnerability
The remote host is affected by the vulnerability described in GLSA-200504-08 phpMyAdmin: XSS vulnerability Oriol Torrent Santiago has discovered that phpMyAdmin fails to validate input to the 'convcharset' variable, rendering it vulnerable to cross-site scripting attacks. Impact : By sending a...
phpMyAdmin: Cross-site scripting vulnerability
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description Oriol Torrent Santiago has discovered that phpMyAdmin fails to validate input to the "convcharset" variable, rendering it vulnerable to cross-site scripting...
CVE-2005-0992
Cross-site scripting XSS vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter...
CVE-2005-0992
Summary: CVE-2005-0992 is an XSS in phpMyAdmin’s index.php via the convcharset parameter. The NVD entry lists a base score of 4.3 (MEDIUM) with network access, no confidentiality impact, but partial integrity impact and no availability impact. Connected OpenVAS entries tie the vulnerability to ph...
phpMyAdmin Cross-site Scripting Vulnerability
========================================================== Title: phpMyAdmin Cross-site Scripting Vulnerability Application: phpMyAdmin Vendor: http://www.phpmyadmin.net Vulnerable Versions: =2.6.2-beta1 Corrected: phpMyAdmin versions after 2.6.2-beta1 Bug: Cross-site Scripting Date: 3-Apr-2005...
phpMyAdmin index.php convcharset Parameter XSS
The installed version of phpMyAdmin suffers from a cross-site scripting vulnerability due to its failure to sanitize user input to the 'convcharset' parameter of the 'index.php' script. A remote attacker may use these vulnerabilities to cause arbitrary code to be executed in a user's browser to...
[SA14799] phpMyAdmin "convcharset" Cross-Site Scripting Vulnerability
---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: phpMyAdmin "convcharset" Cross-Site Scripting...
phpMyAdmin < 2.6.2-RC1 RCE
Binary data 2787.prm...