Authentication flaw

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function...

CVE-2010-4481

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function...

CVE-2010-4481

CVE-2010-4481 concerns phpMyAdmin prior to 3.4.0-beta1, where remote attackers could bypass authentication and disclose sensitive info by directly requesting phpinfo.php (which invokes phpinfo). The connected Github/OSV/Fedora records confirm the same vulnerability description and CVE linkage (CV...

CVE-2010-4481

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function...

CVE-2010-4481

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function...

phpMyAdmin 'error.php' Cross Site Scripting Vulnerability

phpMyAdmin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Mandriva Update for phpmyadmin MDVSA-2010:244 (phpmyadmin)

Check for the Version of phpmyadmin OpenVAS Vulnerability Test Mandriva Update for phpmyadmin MDVSA-2010:244 phpmyadmin Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

phpMyAdmin数据库搜索跨站脚本执行漏洞

BUGTRAQ ID: 45100 CVE ID: CVE-2010-4329 phpMyAdmin是用PHP编写的工具，用于通过WEB管理MySQL。 phpMyAdmin由于未有效过滤用户提供的数据，所以在实现上存在跨站脚本漏洞，远程攻击者可利用此漏洞在其他访问网站的用户的浏览器中执行任意脚本代码，从而窃取基于Cookie的验证凭据，发动其他攻击。 MandrakeSoft Corporate Server 4.0 x8664 MandrakeSoft Corporate Server 4.0 phpMyAdmin phpMyAdmin 2.11 - 3.3.6 MandrakeSo...

phpMyAdmin Database Search Cross Site Scripting Vulnerability

phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Mandriva Update for phpmyadmin MDVSA-2010:244 (phpmyadmin)

Check for the Version of phpmyadmin OpenVAS Vulnerability Test Mandriva Update for phpmyadmin MDVSA-2010:244 phpmyadmin Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

Fedora 14 : phpMyAdmin-3.3.8.1-1.fc14 (2010-18343)

Changes for 3.3.8.1 2010-11-29 - security XSS on db search, see PMASA-2010-8 - http://www.phpmyadmin.net/homepage/security/PMASA-201 0-8.php - CVE-2010-4329 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

Fedora 13 : phpMyAdmin-3.3.8.1-1.fc13 (2010-18371)

Changes for 3.3.8.1 2010-11-29 - security XSS on db search, see PMASA-2010-8 - http://www.phpmyadmin.net/homepage/security/PMASA-201 0-8.php - CVE-2010-4329 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

[SECURITY] Fedora 13 Update: phpMyAdmin-3.3.8.1-1.fc13

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...

DEBIAN-CVE-2010-4480

error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting XSS attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "a@url@page"...

CVE-2010-4480

error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting XSS attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "a@url@page"...

CVE-2010-4480

error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting XSS attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "a@url@page"...

CVE-2010-4480

error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting XSS attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "a@url@page"...

Cross site scripting

error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting XSS attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "a@url@page"...

CVE-2010-4480

CVE-2010-4480 affects PhpMyAdmin up to versions before 3.4.0-beta1, where error.php can be abused with a crafted BBCode tag containing “@” (e.g., “[a@url@page]”) to perform cross-site scripting (XSS). The issue is remote with no authentication required and could impact pages that render user-supp...

CVE-2010-4480

error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting XSS attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "a@url@page"...