292 matches found
phpPgAdmin-rfi.txt
""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ Security Vulnerability Resear...
phpPgAdmin 4.1.1 - SQLEDIT.php Cross-Site Scripting
phpPgAdmin 4.1.1 - SQLEDIT.php Cross-Site Scripting source: https://www.securityfocus.com/bid/24115/info phpPgAdmin is prone to a cross-site scripting vulnerability. Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of...
phpPgAdmin-xss.txt
There is a JavaScript code Injection in phpPgAdmin which fails to correctly sanitize user supplied data. As a result very simple XSS is possible. This was tested on phpPgAdmin 4.1.1 as not logged user. PoC:...
phpPgAdmin 4.1.1 - 'SQLEDIT.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/24115/info phpPgAdmin is prone to a cross-site scripting vulnerability. Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may...
phpPgAdmin登录表单目录遍历漏洞 Exploit
No description provided by source. formUsername=username&formPassword=password&formServer=0&formLanguage=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd%00&submitLogin=Login...
FreeBSD : phppgadmin -- 'formLanguage' local file inclusion vulnerability (88188a8c-eff6-11d9-8310-0001020eed82)
A Secunia Advisory reports : A vulnerability has been reported in phpPgAdmin, which can be exploited by malicious people to disclose sensitive information. Input passed to the 'formLanguage' parameter in 'index.php' isn't properly verified, before it is used to include files. This can be exploite...
[SECURITY] [DSA 759-1] New phppgadmin packages fix directory traversal vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 759-1 [email protected] http://www.debian.org/security/ Martin Schulze July 18th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 759-1] New phppgadmin packages fix directory traversal vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 759-1 [email protected] http://www.debian.org/security/ Martin Schulze July 18th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 759-1] New phppgadmin packages fix directory traversal vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 759-1 [email protected] http://www.debian.org/security/ Martin Schulze July 18th, 2005 http://www.debian.org/security/faq -...
DSA-759-1 phppgadmin - missing input sanitising
Bulletin has no description...
Debian DSA-759-1 : phppgadmin - missing input sanitising
A vulnerability has been discovered in phppgadmin, a set of PHP scripts to administrate PostgreSQL over the WWW, that can lead to disclose sensitive information. Successful exploitation requires that 'magicquotesgpc' is disabled. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptiv...
CVE-2005-2256
Summary: CVE-2005-2256 is a directory-traversal vulnerability in phppgadmin up to versions 3.5.3, exploitable via encoded \%2e\%2e\%2f in the formLanguage parameter to access arbitrary files. The flaw requires that magic_quotes_gpc is disabled. Affected products/versions are documented in Debian ...
CVE-2005-2256
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" encoded dot dot sequences in the formLanguage parameter...
CVE-2005-2256
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" encoded dot dot sequences in the formLanguage parameter...
DEBIAN-CVE-2005-2256
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" encoded dot dot sequences in the formLanguage parameter...
CVE-2005-2256
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" encoded dot dot sequences in the formLanguage parameter...
CVE-2005-2256
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" encoded dot dot sequences in the formLanguage parameter...
CVE-2005-2256
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" encoded dot dot sequences in the formLanguage parameter...
[SA15941] phpPgAdmin "formLanguage" Local File Inclusion Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
phpPgAdmin index.php formLanguage Parameter Local File Inclusion
The remote host is running phpPgAdmin, a web-based administration tool for PostgreSQL. The installed version of phpPgAdmin fails to filter directory traversal sequences from user input supplied to the 'formLanguage' parameter of the login form. An attacker can exploit this issue to read files...