6017 matches found
[SECURITY] [DSA 1403-1] New phpmyadmin packages fix cross-site scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1403-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst November 8th, 2007 http://www.debian.org/security/faq -...
XSS vulnerabilities
PMASA-2007-7 Announcement-ID: PMASA-2007-7 Date: 2007-11-11 Summary XSS vulnerabilities Description We received an advisory from Omer Singer, The DigiTrust Group, and we wish to thank him for his work. It was possible to create a malicious database name that contains XSS code. Our team fixed...
Debian DSA-1403-1 : phpmyadmin - missing input sanitising
Omer Singer of the DigiTrust Group discovered several vulnerabilities in phpMyAdmin, an application to administrate MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5589 phpMyAdmin allows a remote attacker to inject arbitrary web...
[SECURITY] [DSA 1403-1] New phpmyadmin packages fix cross-site scripting
-------------------------------------------------------------------------- Debian Security Advisory DSA 1403-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst November 8th, 2007 http://www.debian.org/security/faq -...
DSA-1403-1 phpmyadmin - cross-site scripting
Bulletin has no description...
Fedora 7 : phpMyAdmin-2.11.2-1.fc7 (2007-2738)
Mon Oct 29 2007 Mike McGrath 2.11.2-1 - upstream released new version - Mon Oct 22 2007 Mike McGrath 2.11.1.2-1 - upstream released new version - Thu Sep 6 2007 Mike McGrath 2.11.0-1 - Upstream released new version - Altered sources file as required - Added proper license - Mon Jul 23 2007 Mike...
[SECURITY] Fedora 7 Update: phpMyAdmin-2.11.2-1.fc7
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats a nd ...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in 1 PHPSELF in a serverstatus.php, and b grabglobals.lib.php, c displaychangepassword.lib.php, and d common.lib.php in...
CVE-2007-5589
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in 1 PHPSELF in a serverstatus.php, and b grabglobals.lib.php, c displaychangepassword.lib.php, and d common.lib.php in...
CVE-2007-5589
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in 1 PHPSELF in a serverstatus.php, and b grabglobals.lib.php, c displaychangepassword.lib.php, and d common.lib.php in...
DEBIAN-CVE-2007-5589
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in 1 PHPSELF in a serverstatus.php, and b grabglobals.lib.php, c displaychangepassword.lib.php, and d common.lib.php in...
CVE-2007-5589
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in 1 PHPSELF in a serverstatus.php, and b grabglobals.lib.php, c displaychangepassword.lib.php, and d common.lib.php in...
CVE-2007-5589
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in 1 PHPSELF in a serverstatus.php, and b grabglobals.lib.php, c displaychangepassword.lib.php, and d common.lib.php in...
CVE-2007-5589
CVE-2007-5589 is a cross-site scripting vulnerability in phpMyAdmin affecting versions prior to a patched release (noted in multiple advisories). The vulnerability arises from input echoed via PHP_SELF and PATH_INFO in several files inside libraries/ and common.inc.php (and possibly via REQUEST_U...
CVE-2007-5589
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in 1 PHPSELF in a serverstatus.php, and b grabglobals.lib.php, c displaychangepassword.lib.php, and d common.lib.php in...
phpMyAdmin setup.php跨站脚本执行漏洞
BUGTRAQ ID: 26020 phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。 phpMyAdmin的setup.php文件没有正确地验证某些用户输入参数,允许远程攻击者通过提交恶意的URI请求执行跨站脚本攻击。 phpMyAdmin phpMyAdmin 2.11.1 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
WWWISIS <= 7.1 (IsisScript) Multiple Vulnerabilities
Hi, phpMyAdmin version 2.11.1.1 was released to fix this, along with a security announcement: http://www.phpmyadmin.net/homepage/security.php?issue=PMASA-2007-5 which contains a mitigating factor: "We could only trigger it when using Internet Explorer with the 'send URLs as UTF8' setting disabled...
FreeBSD : phpmyadmin -- XSS vulnerability (498a8731-7cfc-11dc-96e6-0012f06707f0)
The DigiTrust Group discovered serious XSS vulnerability in the phpMyAdmin serverstatus.php script. According to their report vulnerability can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. %NASLMINLEVEL 70300 C Tenable Network...
about phpMyAdmin setup.php XSS vulnerability
Hi, phpMyAdmin version 2.11.1.1 was released to fix this, along with a security announcement: http://www.phpmyadmin.net/homepage/security.php?issue=PMASA-2007-5 which contains a mitigating factor: "We could only trigger it when using Internet Explorer with the 'send URLs as UTF8' setting disabled...
phpMyAdmin 2.11.1 - Server_Status.php Cross-Site Scripting
phpMyAdmin 2.11.1 - ServerStatus.php Cross-Site Scripting source: https://www.securityfocus.com/bid/26301/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script cod...