CVE-2010-2958

Cross-site scripting XSS vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages aka debugging messages, a different vulnerability than CVE-2010-3056...

CVE-2010-2958

CVE-2010-2958 affects phpMyAdmin 3.x before 3.3.6. The vulnerability is a cross-site scripting (XSS) flaw in libraries/Error.class.php triggered by PHP backtrace/error messages, allowing remote attackers to inject arbitrary script/HTML. Exploitation details are documented in the CVE entry; the de...

phpMyAdmin setup.php Verbose Server Name XSS (PMASA-2010-7)

The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input to the 'verbose server name' field. A remote attacker could exploit this by tricking a user into executing arbitrary script code. %NASLMINLEVEL 70300 C Tenable...

XSS attack on setup script.

PMASA-2010-7 Announcement-ID: PMASA-2010-7 Date: 2010-09-08 Summary XSS attack on setup script. Description It was possible to conduct a XSS attack using spoofed request to setup script. Severity We consider this vulnerability to be non critical. Affected Versions For 3.x: versions before 3.3.7 a...

Mandriva Update for phpmyadmin MDVSA-2010:164 (phpmyadmin)

Check for the Version of phpmyadmin OpenVAS Vulnerability Test Mandriva Update for phpmyadmin MDVSA-2010:164 phpmyadmin Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

Mandriva Update for phpmyadmin MDVSA-2010:164 (phpmyadmin)

Check for the Version of phpmyadmin OpenVAS Vulnerability Test Mandriva Update for phpmyadmin MDVSA-2010:164 phpmyadmin Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

phpMyAdmin Debug Backtrace Cross Site Scripting Vulnerability

phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

phpMyAdmin 3.x < 3.3.6 XSS

Binary data 5652.prm...

XSS attack using debugging messages.

PMASA-2010-6 Announcement-ID: PMASA-2010-6 Date: 2010-08-30 Summary XSS attack using debugging messages. Description It was possible to conduct a XSS attack using error messages in PHP backtrace. Severity We consider this vulnerability to be non critical. Mitigation factor Additional steps from...

phpMyAdmin Multiple Cross Site Scripting Vulnerabilities

phpMyAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

[SECURITY] [DSA 2097-1] New phpmyadmin packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2097-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 29, 2010 http://www.debian.org/security/faq -...

phpMyAdmin 'CVE-2010-3055' Configuration File PHP Code Injection Vulnerability

phpMyAdmin is prone to a remote PHP code injection vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Debian DSA-2097-1 : phpmyadmin - insufficient input sanitising

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-3055 The configuration setup script does not properly sanitise its output file, which allows...

[SECURITY] [DSA 2097-1] New phpmyadmin packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-2097-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 29, 2010 http://www.debian.org/security/faq -...

DSA-2097-1 phpmyadmin - several vulnerabilities

Bulletin has no description...

phpMyAdmin setup.php Arbitrary PHP Code Execution (PMASA-2010-4)

The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input before using it to generate a config file for the application. Submitting a specially crafted POST request can result in arbitrary PHP code injection. A remote...

CVE-2010-3056

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 dbsearch.php, 2 dbsql.php, 3 dbstructure.php, 4 js/messages.php, 5 libraries/common.lib.php, 6...

DEBIAN-CVE-2010-3056

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 dbsearch.php, 2 dbsql.php, 3 dbstructure.php, 4 js/messages.php, 5 libraries/common.lib.php, 6...

CVE-2010-3056

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 dbsearch.php, 2 dbsql.php, 3 dbstructure.php, 4 js/messages.php, 5 libraries/common.lib.php, 6...

CVE-2010-3055

The configuration setup script aka scripts/setup.php in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request...