6026 matches found
phpMyAdmin '$host'变量HTML注入漏洞
Bugtraq ID: 51166 CVE ID:CVE-2011-4782 phpMyAdmin是一款基于PHP的MySQL管理程序。 部分输入到setup接口的特制值可触发XSS,而且如果配置目录存在并科协,XSS负载可保存到此目录。 0 phpMyAdmin phpMyAdmin 3.4.8 phpMyAdmin phpMyAdmin 3.4.6 phpMyAdmin phpMyAdmin 3.4.5 phpMyAdmin phpMyAdmin 3.4.3 phpMyAdmin phpMyAdmin 3.4.5 phpMyAdmin phpMyAdmin 3.4.4...
phpMyAdmin Setup '$host' Variable Cross Site Scripting Vulnerability
phpMyAdmin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
FreeBSD : phpMyAdmin -- Multiple XSS (8c83145d-2c95-11e1-89b4-001ec9578670)
The phpMyAdmin development team reports : Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections. Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS...
DEBIAN-CVE-2011-4782
Cross-site scripting XSS vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
CVE-2011-4782
Cross-site scripting XSS vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
CVE-2011-4782
Cross-site scripting XSS vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
CVE-2011-4780
Multiple cross-site scripting XSS vulnerabilities in libraries/displayexport.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the 1 server, 2 database, and 3 table sections...
CVE-2011-4634
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...
DEBIAN-CVE-2011-4634
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...
DEBIAN-CVE-2011-4780
Multiple cross-site scripting XSS vulnerabilities in libraries/displayexport.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the 1 server, 2 database, and 3 table sections...
CVE-2011-4634
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...
Cross site scripting
Cross-site scripting XSS vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
CVE-2011-4780
Multiple cross-site scripting XSS vulnerabilities in libraries/displayexport.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the 1 server, 2 database, and 3 table sections...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...
CVE-2011-4782
Cross-site scripting XSS vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
CVE-2011-4634
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...
CVE-2011-4780
Multiple cross-site scripting XSS vulnerabilities in libraries/displayexport.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the 1 server, 2 database, and 3 table sections...
CVE-2011-4782
Cross-site scripting XSS vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
CVE-2011-4780
Multiple cross-site scripting XSS vulnerabilities in libraries/displayexport.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the 1 server, 2 database, and 3 table sections...
CVE-2011-4782
CVE-2011-4782 is a cross-site scripting (XSS) vulnerability in phpMyAdmin 3.4.x prior to 3.4.9, triggered via the host parameter in the setup interface (libraries/config/ConfigFile.class.php). The underlying issue is failure to properly escape/validate the host value, enabling remote attackers to...