Lucene search
6026 matches found

Debian CVE
added 2009/03/26 2:0 p.m. · 35 views

CVE-2009-1151

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...

9.8 CVSS · 7.1 AI score · 0.93271 EPSS
Exploits: 16

CVE
added 2009/03/26 2:0 p.m. · 88 views

CVE-2009-1150

CVE-2009-1150 affects phpMyAdmin: XSS in the export page (display_export.lib.php) via the pma_db_filename_template cookie. Vulnerable when using phpMyAdmin 2.11.x (before 2.11.9.5) or 3.x (before 3.1.3.1). Root cause is insufficient sanitization of cookie data on the Export page, enabling remote ...

4.3 CVSS · 6.6 AI score · 0.00749 EPSS
Exploits: 0 · References: 11 · Affected Software: 1

ATTACKERKB
added 2009/03/26 12:0 a.m. · 47 views

CVE-2009-1151

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0 Assessed Attack...

9.8 CVSS · 6.1 AI score · 0.93271 EPSS
In wild · Exploits: 16 · References: 19

OpenVAS
added 2009/03/26 12:0 a.m. · 120 views

phpMyAdmin Code Injection and XSS Vulnerability

phpMyAdmin is prone to a remote PHP code-injection vulnerability and to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier...

9.8 CVSS · 9.1 AI score · 0.93271 EPSS
Exploits: 16 · References: 4

OpenVAS
added 2009/03/26 12:0 a.m. · 30 views

phpMyAdmin BLOB Streaming Multiple Input Validation Vulnerabilities

phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTTP response-splitting vulnerability and a local file-include vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

7.5 CVSS · 7.5 AI score · 0.00715 EPSS
Exploits: 0 · References: 1

Fedora
added 2009/03/25 4:3 p.m. · 12 views

[SECURITY] Fedora 9 Update: phpMyAdmin-3.1.3.1-1.fc9

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...

1.7 AI score
Exploits: 0

Tenable Nessus
added 2009/03/25 12:0 a.m. · 39 views

FreeBSD : phpmyadmin -- insufficient output sanitizing when generating configuration file (06f9174f-190f-11de-b2f0-001c2514716c)

phpMyAdmin reports : Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...

9.8 CVSS · 8.5 AI score · 0.93271 EPSS
Exploits: 16 · References: 3

Symantec
added 2009/03/25 12:0 a.m. · 528 views

phpMyAdmin 'setup.php' PHP Code Injection Vulnerability

Description phpMyAdmin is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks...

7.5 CVSS · 0.4 AI score · 0.93271 EPSS
Exploits: 16 · References: 2 · Affected Software: 5

phpMyAdmin
added 2009/03/24 12:0 a.m. · 39 views

Insufficient output sanitizing when generating configuration file.

PMASA-2009-3 Announcement-ID: PMASA-2009-3 Date: 2009-03-24 Summary Insufficient output sanitizing when generating configuration file. Description Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

9.8 CVSS · 7.7 AI score · 0.93271 EPSS
Exploits: 16 · Affected Software: 1

phpMyAdmin
added 2009/03/24 12:0 a.m. · 33 views

Cross-site scripting on export page using cookies.

PMASA-2009-2 Announcement-ID: PMASA-2009-2 Date: 2009-03-24 Summary Cross-site scripting on export page using cookies. Description Export page uses cookies to remember user settings of file name template. These cookies could be used for cross-site scripting because they were not sanitized...

4.3 CVSS · 5.6 AI score · 0.00749 EPSS
Exploits: 0 · Affected Software: 1

FreeBSD
added 2009/03/24 12:0 a.m. · 36 views

phpmyadmin -- insufficient output sanitizing when generating configuration file

phpMyAdmin reports: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

9.8 CVSS · 6.5 AI score · 0.93271 EPSS
Exploits: 16 · References: 1

Positive Technologies
added 2009/03/24 12:0 a.m. · 3 views

PT-2009-1127 · Phpmyadmin · Phpmyadmin

Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 2.11.x through 2.11.9.4 phpMyAdmin versions 3.x through 3.1.3.0 Description: The issue is related to a static code injection vulnerability in the setup.php file of phpMyAdmin. This vulnerability allows remote attackers to...

10 CVSS · 7.8 AI score · 0.93271 EPSS
Exploits: 16 · References: 33

OpenVAS
added 2009/03/21 12:0 a.m. · 33 views

phpMyAdmin DB_Create.PHP Multiple Input Validation Vulnerabilities

phpMyAdmin is prone to multiple input-validation vulnerabilities, including a cross-site scripting and a SQL-injection issue. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

5.7 AI score
Exploits: 0 · References: 1

OpenVAS
added 2009/03/21 12:0 a.m. · 34 views

phpMyAdmin Multiple Input Validation Vulnerabilities

phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced...

6.8 CVSS · 5.9 AI score · 0.02243 EPSS
Exploits: 0 · References: 1

OpenVAS
added 2009/03/20 12:0 a.m. · 31 views

Gentoo Security Advisory GLSA 200903-32 (phpmyadmin)

The remote host is missing updates announced in advisory GLSA 200903-32. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

8.5 CVSS · 0.9 AI score · 0.16932 EPSS
Exploits: 2

OpenVAS
added 2009/03/20 12:0 a.m. · 30 views

Gentoo Security Advisory GLSA 200903-32 (phpmyadmin)

The remote host is missing updates announced in advisory GLSA 200903-32. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

8.5 CVSS · 7.7 AI score · 0.16932 EPSS
Exploits: 2 · References: 5

Tenable Nessus
added 2009/03/19 12:0 a.m. · 39 views

GLSA-200903-32 : phpMyAdmin: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200903-32 phpMyAdmin: Multiple vulnerabilities Multiple vulnerabilities have been reported in phpMyAdmin: libraries/databaseinterface.lib.php in phpMyAdmin allows remote authenticated users to execute arbitrary code via a request ...

8.5 CVSS · 6.2 AI score · 0.16932 EPSS
Exploits: 2 · References: 6

Gentoo Linux
added 2009/03/18 12:0 a.m. · 31 views

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been reported in phpMyAdmin: libraries/databaseinterface.lib.php in phpMyAdmin allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with ...

8.5 CVSS · 7.8 AI score · 0.16932 EPSS
Exploits: 2

Prion
added 2009/03/16 7:30 p.m. · 17 views

Default credentials

XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included...

7.5 CVSS · 7.3 AI score · 0.23468 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

NVD
added 2009/03/16 7:30 p.m. · 12 views

CVE-2009-0919

XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included...

7.5 CVSS · 6.8 AI score · 0.23468 EPSS
Exploits: 0 · References: 5