6017 matches found
CVE-2006-6943
PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to a scripts/checklang.php and b themes/darkblueorange/layout.inc.php; and via the 1 lang, 2 target, 3 db, 4 goto, 5 table, and 6 tblgroup array arguments to c index.php, and the 7 back argument t...
CVE-2006-6942
CVE-2006-6942 involves multiple XSS vulnerabilities in PhpMyAdmin prior to 2.9.1.1. The description lists specific injection points, including (1) a comment for a table name via db_operations.php, (2) the db parameter to db_create.php, (3) the newname parameter to db_operations.php, (4) query_his...
CVE-2006-6943
PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to a scripts/checklang.php and b themes/darkblueorange/layout.inc.php; and via the 1 lang, 2 target, 3 db, 4 goto, 5 table, and 6 tblgroup array arguments to c index.php, and the 7 back argument t...
CVE-2006-6943
PhpMyAdmin prior to 2.9.1.1 is affected by a path-disclosure vulnerability. Remote attackers can obtain the full server path by making direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php, as well as by supplying any of the following arguments to index.php: ...
CVE-2007-0341
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than...
CVE-2007-0341
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than...
Cross site scripting
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than...
CVE-2007-0341
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than...
DEBIAN-CVE-2007-0341
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than...
CVE-2007-0341
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than...
CVE-2007-0341
phpMyAdmin 2.8.1 and earlier have an XSS in IE6 where a javascript: URI in a CSS style within the convcharset parameter to the top-level URI allows remote attackers to inject arbitrary script/HTML. This is a different vulnerability from CVE-2005-0992; the provided documents do not specify a patch...
CVE-2007-0341
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than...
HTTP Response Splitting vulnerability
PMASA-2007-1 Announcement-ID: PMASA-2007-1 Date: 2007-01-16 Summary HTTP Response Splitting vulnerability Description On systems running PHP 5 before 5.1.2 or PHP 4 before 4.4.2, it is possible to trigger this vulnerability by editing the cookie containing PHP's session id. This can be used to se...
XSS and Path Disclosure vulnerabilities
PMASA-2007-2 Announcement-ID: PMASA-2007-2 Date: 2007-01-16 Summary XSS and Path Disclosure vulnerabilities Description We received an advisory from Laurent Gaffié and we wish to thank him for his work. It was possible to trigger these attacks on dbcreate.php and index.php. Severity We consider...
phpmyadmin-xss.txt
--------------------------------------------------------------------------------- | . | | \ \ / /||/ | | | \ Y / | \ \ \ | \ \ \ / / | | \ / | || | /| | | | // \ | | / |||| || |/ //\ \ | | / / | | Security without illusions | | www.virtuax.be | | |...
xss in phpmyadmin <= 2.8.1
although = v2.8.2 isn't vulnerable anymore, i still think this issue is important because phpmyadmin.net still offers 2.7.2-pl2 for download on their website and this is a vulnerable version. it's an xss bug that wasn't fixed properly reference:...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information...
CVE-2007-0203
Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors...
CVE-2007-0204
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information...
CVE-2007-0203
Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors...