6026 matches found
CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...
DEBIAN-CVE-2009-1149
CRLF injection vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the 1 ctype and possibly 2 filetype parameters...
CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...
DSquare Exploit Pack: D2SEC_PHPMYADMIN_RCE
Name| d2secphpmyadminrce ---|--- CVE| CVE-2009-1151 Exploit Pack| D2ExploitPack Description| d2secphpmyadminrce Notes|...
CVE-2009-1150
Multiple cross-site scripting XSS vulnerabilities in the export page displayexport.lib.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pmadbfilenametemplate cookie...
CVE-2009-1149
CRLF injection vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the 1 ctype and possibly 2 filetype parameters...
CVE-2009-1150
Multiple cross-site scripting XSS vulnerabilities in the export page displayexport.lib.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pmadbfilenametemplate cookie...
DEBIAN-CVE-2009-1150
Multiple cross-site scripting XSS vulnerabilities in the export page displayexport.lib.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pmadbfilenametemplate cookie...
DEBIAN-CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...
CVE-2009-1151
CVE-2009-1151 affects phpMyAdmin 2.11.x (before 2.11.9.5) and 3.x (before 3.1.3.1). The flaw is a static code injection in setup.php that lets a remote attacker inject arbitrary PHP code into the generated configuration file via the save action. The issue arises from insufficient validation/misco...
CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...
CVE-2009-1149
CVE-2009-1149 affects phpMyAdmin, specifically in bs_disp_as_mime_type.php (BLOB streaming). The vulnerability is a CRLF/HTTP header injection via c_type and possibly file_type, enabling HTTP response splitting. Affected: phpMyAdmin releases prior to 3.1.3.1. Impact: remote attacker could inject ...
CVE-2009-1149
CRLF injection vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the 1 ctype and possibly 2 filetype parameters...
CVE-2009-1150
Multiple cross-site scripting XSS vulnerabilities in the export page displayexport.lib.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pmadbfilenametemplate cookie...
CVE-2009-1148
CVE-2009-1148 : phpMyAdmin before 3.1.3.1 contains a directory traversal in the BLOB streaming feature (bs_disp_as_mime_type.php) that allows remote attackers to read arbitrary files via the file_path parameter. Public data from Red Hat and openSUSE/Nessus/OpenVAS entries confirm this is a phpMyA...
CVE-2009-1148
Directory traversal vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the filepath parameter $filename variable...
CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...
CVE-2009-1149
CRLF injection vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the 1 ctype and possibly 2 filetype parameters...
CVE-2009-1150
Multiple cross-site scripting XSS vulnerabilities in the export page displayexport.lib.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pmadbfilenametemplate cookie...
CVE-2009-1148
Directory traversal vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the filepath parameter $filename variable...