openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-1581)

Missing checks of the 'db' and 'theme' parameters could be exploited for cross site scripting attacks CVE-2006-2417, CVE-2006-2418. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-3990)

Multiple bugs in phpMyAdmin could lead to cross-site-scripting XSS attacks, injection of JavaScript code or to crashing the php interpreter. CVE-2007-1325,PMASA-2007-1,PMASA-2007-2,PMASA-2007-3,PMASA- 2007-4 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-2340)

The previous phpMyAdmin update accidentally renamed the config file and moved it into a different directory. This update corrects this erroneous behavior. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...

FreeBSD : phpmyadmin -- XSS vulnerability (51b51d4a-7c0f-11dc-9e47-0011d861d5e2)

SecurityFocus reports : phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-2300)

This patch upgrades the phpMyAdmin package to version 2.9.1.1, including fixes for the security problems tracked by the Mitre CVE IDs CVE-2006-3388, CVE-2006-5116, CVE-2006-5117, and CVE-2006-5718. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...

openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-1611)

Missing checks of the 'db' parameter could be exploited for cross site scripting attacks CVE-2006-2417. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update phpMyAdmin-1611. The text description of...

XSS vulnerabilities

PMASA-2007-6 Announcement-ID: PMASA-2007-6 Date: 2007-10-17 Updated: 2007-10-24 Summary XSS vulnerabilities Description We received an advisory from Omer Singer, The DigiTrust Group, and we wish to thank him for his work. It was possible to trigger this attack on serverstatus.php. Our team fixed...

phpMyAdmin 2.11.1 - 'Server_Status.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/26301/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

XSS vulnerability

PMASA-2007-5 Announcement-ID: PMASA-2007-5 Date: 2007-10-15 Summary XSS vulnerability Description We received an advisory from Omer Singer, The DigiTrust Group, and we wish to thank him for his work. It was possible to trigger this attack on setup.php. Severity We consider this vulnerability to b...

DEBIAN-CVE-2007-5386

Cross-site scripting XSS vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...

Cross site scripting

Cross-site scripting XSS vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...

CVE-2007-5386

Cross-site scripting XSS vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...

CVE-2007-5386

Cross-site scripting XSS vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...

CVE-2007-5386

Cross-site scripting XSS vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...

CVE-2007-5386

Cross-site scripting XSS vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...

CVE-2007-5386

CVE-2007-5386 : XSS in phpMyAdmin 2.11.1’s scripts/setup.php when a browser does not URL-encode requests, allowing remote injection of arbitrary script/HTML via the query string. OpenVAS entries (Fedora/Debian updates) confirm a publicly known vulnerability and list CVSS base 4.3 (I:P), with nota...

CVE-2007-5386

Cross-site scripting XSS vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...

phpmyadmin -- cross-site scripting vulnerability

SecurityFocus reports: phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

phpMyAdmin 2.11.1 - setup.php Cross-Site Scripting

phpMyAdmin 2.11.1 - setup.php Cross-Site Scripting source: https://www.securityfocus.com/bid/26020/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in th...

phpMyAdmin 2.11.1 - 'setup.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/26020/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...