phpMyAdmin < 2.6.1 pl2 Libraries and Themes Multiple XSS

The installed version of phpMyAdmin suffers from multiple cross-site scripting vulnerabilities due to its failure to sanitize user input in several PHP scripts used as libraries and themes. A remote attacker may use these issues to cause arbitrary code to be executed in a user's browser, to steal...

A variable injection vulnerability was found in phpMyAdmin, that may allow an attacker to conduct Cross-site scripting (XSS) attacks and / or perform remote file inclusion.

PMASA-2005-1 Announcement-ID: PMASA-2005-1 Date: 2005-02-25 Summary A variable injection vulnerability was found in phpMyAdmin, that may allow an attacker to conduct Cross-site scripting XSS attacks and / or perform remote file inclusion. Description We received two bug reports by Maksymilian...

phpMyAdmin < 2.6.1 pl1 Multiple Script File Inclusions

The installed version of phpMyAdmin suffers from multiple local file include flaws due to its failure to sanitize user input prior to its use in PHP 'include' and 'requireonce' calls. Specifically, a remote attacker can control values for the 'GLOBALScfgThemePath' parameter used in...

CVE-2005-0543

Cross-site scripting XSS vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via 1 the strServer, cfgBgcolorOne, or strServerChoice parameters in selectserver.lib.php, 2 the bgcolor or rowno parameters in displaytbllinks.lib.php, the leftfontfamily...

CVE-2005-0543

CVE-2005-0543 = cross-site scripting in phpMyAdmin 2.6.1. Vulnerable via parameters in select_server.lib.php (strServer, cfg[BgcolorOne], strServerChoice), display_tbl_links.lib.php (bg_color, row_no), left_font_family/theme_left.css.php, and right_font_family/theme_right.css.php. Causes remote H...

CVE-2005-0544

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to 1 sqlvalidator.lib.php, 2 sqlparser.lib.php, 3 selecttheme.lib.php, 4 selectlang.lib.php, 5 relationcleanup.lib.php, 6 headermetastyle.inc.php, 7 getforeign.lib.php, 8 displaytbllinks.lib.php, 9...

CVE-2005-0543

Cross-site scripting XSS vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via 1 the strServer, cfgBgcolorOne, or strServerChoice parameters in selectserver.lib.php, 2 the bgcolor or rowno parameters in displaytbllinks.lib.php, the leftfontfamily...

CVE-2005-0544

CVE-2005-0544 concerns phpMyAdmin 2.6.1. The affected component is phpMyAdmin’s web interface, where direct requests to 15 internal library/ini files (e.g., sqlvalidator.lib.php, select_lang.lib.php, setup.php, cookie.auth.lib.php, etc.) can trigger error messages that leak the server’s full path...

DEBIAN-CVE-2005-0543

Cross-site scripting XSS vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via 1 the strServer, cfgBgcolorOne, or strServerChoice parameters in selectserver.lib.php, 2 the bgcolor or rowno parameters in displaytbllinks.lib.php, the leftfontfamily...

CVE-2005-0544

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to 1 sqlvalidator.lib.php, 2 sqlparser.lib.php, 3 selecttheme.lib.php, 4 selectlang.lib.php, 5 relationcleanup.lib.php, 6 headermetastyle.inc.php, 7 getforeign.lib.php, 8 displaytbllinks.lib.php, 9...

CVE-2005-0543

Cross-site scripting XSS vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via 1 the strServer, cfgBgcolorOne, or strServerChoice parameters in selectserver.lib.php, 2 the bgcolor or rowno parameters in displaytbllinks.lib.php, the leftfontfamily...

CVE-2005-0543

Cross-site scripting XSS vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via 1 the strServer, cfgBgcolorOne, or strServerChoice parameters in selectserver.lib.php, 2 the bgcolor or rowno parameters in displaytbllinks.lib.php, the leftfontfamily...

CVE-2005-0543

Cross-site scripting XSS vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via 1 the strServer, cfgBgcolorOne, or strServerChoice parameters in selectserver.lib.php, 2 the bgcolor or rowno parameters in displaytbllinks.lib.php, the leftfontfamily...

phpMyAdmin 2.6 - Multiple Local File Inclusions

phpMyAdmin 2.6 - Multiple Local File Inclusions source: https://www.securityfocus.com/bid/12645/info phpMyAdmin is affected by multiple local file include vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in a PHP...

phpMyAdmin 2.6 - theme_left.css.php Multiple Cross-Site Scripting Vulnerabilities

phpMyAdmin 2.6 - themeleft.css.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied inp...

phpMyAdmin 2.6 - select_server.lib.php Multiple Cross-Site Scripting Vulnerabilities

phpMyAdmin 2.6 - selectserver.lib.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied...

phpMyAdmin 2.6 - theme_right.css.php Multiple Cross-Site Scripting Vulnerabilities

phpMyAdmin 2.6 - themeright.css.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied...

[SA14382] phpMyAdmin Local File Inclusion and Cross-Site Scripting

TITLE: phpMyAdmin Local File Inclusion and Cross-Site Scripting SECUNIA ADVISORY ID: SA14382 VERIFY ADVISORY: http://secunia.com/advisories/14382/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Exposure of sensitive information WHERE: From remote SOFTWARE: phpMyAdmin 2.x...

phpMyAdmin 2.6 - display_tbl_links.lib.php Multiple Cross-Site Scripting Vulnerabilities

phpMyAdmin 2.6 - displaytbllinks.lib.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-suppli...

phpMyAdmin 2.6 - &#039;theme_left.css.php&#039; Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may...