6017 matches found
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to 1 the db parameter in the "Creating a Database" functionality dbcreate.php, and 2 the convcharset and collationconnection parameters related...
DEBIAN-CVE-2008-3197
Cross-site request forgery CSRF vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to 1 the db parameter in the "Creating a Database" functionality dbcreate.php, and 2 the convcharset and collationconnection parameters related...
CVE-2008-3197
Cross-site request forgery CSRF vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to 1 the db parameter in the "Creating a Database" functionality dbcreate.php, and 2 the convcharset and collationconnection parameters related...
CVE-2008-3197
CVE-2008-3197 affects phpMyAdmin prior to 2.11.7.1, introducing a cross-site request forgery (CSRF) that enables unauthorized actions via links or image tags. The CSRF targets (1) the db parameter in the “Creating a Database” function (db_create.php) and (2) convcharset and collation_connection r...
CVE-2008-3197
Cross-site request forgery CSRF vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to 1 the db parameter in the "Creating a Database" functionality dbcreate.php, and 2 the convcharset and collationconnection parameters related...
XSRF/CSRF for creating a database and modifying user charset
PMASA-2008-5 Announcement-ID: PMASA-2008-5 Date: 2008-07-15 Updated: 2008-07-16 Summary XSRF/CSRF for creating a database and modifying user charset Description We received an advisory from Aung Khant YGN Ethical Hacker Group, and we wish to thank him for his work. A logged-in user, if abused int...
phpmyadmin -- cross site request forgery vulnerabilities
A phpMyAdmin security announcement: A logged-in user, if abused into clicking a crafted link or loading an attack page, would create a database he did not intend to, or would change his connection character set...
Cross site scripting
Cross-site scripting XSS vulnerability in the phpMyAdmin phpmyadmin extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-3032
Cross-site scripting XSS vulnerability in the phpMyAdmin phpmyadmin extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-3032
CVE-2008-3032 describes a Cross-site Scripting (XSS) vulnerability in the phpMyAdmin extension for TYPO3, affecting version 3.0.1 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected documents consistently reference the same ...
CVE-2008-3032
Cross-site scripting XSS vulnerability in the phpMyAdmin phpmyadmin extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
phpMyAdmin远程跨站脚本漏洞
CVECAN ID: CVE-2008-2960 phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。 如果PHP registerglobals的设置为on且服务器没有应用/libraries中.htaccess文件的设置的话,远程攻击者就可以通过向phpMyAdmin提交恶意请求执行跨站脚本攻击,导致执行任意代码。 phpMyAdmin 2.11.7 厂商补丁: phpMyAdmin ---------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
CVE-2008-2960
Cross-site scripting XSS vulnerability in phpMyAdmin before 2.11.7, when registerglobals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/...
Cross site scripting
Cross-site scripting XSS vulnerability in phpMyAdmin before 2.11.7, when registerglobals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/...
DEBIAN-CVE-2008-2960
Cross-site scripting XSS vulnerability in phpMyAdmin before 2.11.7, when registerglobals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/...
CVE-2008-2960
Cross-site scripting XSS vulnerability in phpMyAdmin before 2.11.7, when registerglobals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/...
CVE-2008-2960
Cross-site scripting XSS vulnerability in phpMyAdmin before 2.11.7, when registerglobals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/...
CVE-2008-2960
Cross-site scripting XSS vulnerability in phpMyAdmin before 2.11.7, when registerglobals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/...
CVE-2008-2960
CVE-2008-2960 is a cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7 that occurs when register_globals is enabled and .htaccess support is disabled. It allows remote attackers to inject arbitrary web script or HTML via scripts in libraries/. The connected documents confirm the ...
CVE-2008-2960
Cross-site scripting XSS vulnerability in phpMyAdmin before 2.11.7, when registerglobals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/...