CVE-2007-0095

phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblueorange/layout.inc.php, which reveals the path in an error message...

phpMyAdmin多个CSRF漏洞

phpMyAdmin是一款流行的基于web的管理MySQL数据库程序。 phpMyAdmin存在跨站请求伪造问题，远程攻击者可以利用漏洞利用CSRF攻击诱使phpMyAdmin用户在目标数据库服务器上执行任意sql查询。 phpMyAdmin使用在用户会话中存储随机token来保护跨站请求伪造，CSRF意思是web站点诱使浏览用户浏览器针对其他站点发送http请求。在phpMyAdmin中的CSRF意味着其他站点可以诱使phpMyAdmin用户的浏览器发送任意sql查询到自身的数据库。 phpMyAdmin由于如下问题而可导致绕过CSRF的保护： --Token验证：...

phpMyAdminexport.php文件泄露漏洞

phpMyAdmin是一个免费工具，为管理MySQL提供了一个WWW管理接口。phpMyAdmin包含的'export.php'脚本对用户提交参数缺少充分过滤，远程攻击者可以利用这个漏洞进行目录遍历攻击。phpMyAdmin包含的'export.php'脚本对用户提交给'what'的参数缺少充分过滤，远程攻击者提交包含多个'../'字符的数据，可绕过WEB ROOT限制，以WEB权限查看系统上的任意文件信息。 phpMyAdmin2.5-2.5.5-pl1 phpMyAdmin...

phpMyAdmin多个HTTP响应拆分漏洞

phpMyAdmin是用PHP编写的工具，用于通过WEB管理MySQL。 phpMyAdmin的多个脚本存在HTTP响应拆分漏洞，允许攻击者更改HTTP响应头结构，导致破坏Web缓存、劫持页面或执行跨站脚本。 问题存在于phpMyAdmin的以下文件中： /css/phpmyadmin.css.php /dbcreate.php /index.php /left.php /libraries/session.inc.php /libraries/transformations/overview.php /querywindow.php /serverengines.php...

CVE-2006-6374

Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in 1 css/phpmyadmin.css.php, 2 dbcreate.php, 3 index.php, 4 left.php, 5...

CVE-2006-6373

PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message...

CVE-2006-6374

Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in 1 css/phpmyadmin.css.php, 2 dbcreate.php, 3 index.php, 4 left.php, 5...

DEBIAN-CVE-2006-6373

PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message...

CVE-2006-6373

PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message...

CVE-2006-6373

PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message...

CVE-2006-6374

Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in 1 css/phpmyadmin.css.php, 2 dbcreate.php, 3 index.php, 4 left.php, 5...

CVE-2006-6373

PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message...

CVE-2006-6374

Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in 1 css/phpmyadmin.css.php, 2 dbcreate.php, 3 index.php, 4 left.php, 5...

CVE-2006-6373

CVE-2006-6373 affects PhpMyAdmin 2.7.0-pl2. The vulnerability allows remote attackers to obtain sensitive information by requesting libraries/common.lib.php, which causes an error message that reveals the installation path. The available sources describe the issue as an information disclosure via...

CVE-2006-6373

PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message...

CVE-2006-6374

The CVE-2006-6374 vulnerability affects PhpMyAdmin 2.7.0-pl2, with multiple CRLF injection flaws enabling HTTP header injection and response splitting via CRLF sequences in a PhpMyAdmin cookie. Affected components include css/phpmyadmin.css.php, db_create.php, index.php, left.php, libraries/sessi...

PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting

Title : PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting Vulnerability Author : ajann Contact : : Tested : Just 2.7.0-pl2 CRLF------------------------------------------------------ Files---- /css/phpmyadmin.css.php /dbcreate.php /index.php /left.php...

CVE-2006-6258

The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting XSS attack...

CVE-2006-6258

The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting XSS attack...

CVE-2006-6258

Affected software: AlternC 0.9.5 and earlier. Issue: the phpmyadmin subsystem transmits the SQL password in cleartext in a cookie, allowing potential exposure through network sniffing or a cross-site scripting (XSS) attack. Consequences: complete confidentiality and integrity impacts (per CVSS). ...