6017 matches found
CVE-2006-6258
The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting XSS attack...
Debian DSA-1207-2 : phpmyadmin - several vulnerabilities
The phpmyadmin update in DSA 1207 introduced a regression. This update corrects this flaw. For completeness, please find below the original advisory text : Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities a...
[SECURITY] [DSA 1207-2] New phpmyadmin packages fix regression
-------------------------------------------------------------------------- Debian Security Advisory DSA 1207-2 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 19th, 2006 http://www.debian.org/security/faq -...
phpmyadmin.txt
vendor site:http://phpmyadmin.net/ product:PhpMyAdmin all version bug: xss permanent & full path disclosure global risk:high xss post : 1 create a table , with whatever name , when it's done , go to "operation" /dboperations.php and add a comment on your table with: '"alertdocument.cookie the...
PhpMyAdmin all version [multiples vulnerability]
vendor site:http://phpmyadmin.net/ product:PhpMyAdmin all version bug: xss permanent & full path disclosure global risk:high xss post : 1 create a table , with whatever name , when it's done , go to "operation" /dboperations.php and add a comment on your table with:...
Path disclosure vulnerability
PMASA-2006-8 Announcement-ID: PMASA-2006-8 Date: 2006-11-17 Summary Path disclosure vulnerability Description We received a security advisory from laurent gaffié and we wish to thank him for his work. It was possible to disclose path by passing an array to several parameters. Severity We consider...
Bad IP Allow/Deny checking
PMASA-2006-9 Announcement-ID: PMASA-2006-9 Date: 2006-11-17 Summary Bad IP Allow/Deny checking Description We received a security advisory from Christian Schmidt, Peytz & Co. and we wish to thank him for his work. It was possible to get around IP-based Allow/Deny checking by faking proxy headers...
[SECURITY] [DSA 1207-1] New phpmyadmin packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1207-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 9th, 2006 http://www.debian.org/security/faq -...
DSA-1207-1 phpmyadmin
Bulletin has no description...
CVE-2006-5718
Cross-site scripting XSS vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter...
CVE-2006-5718
Cross-site scripting XSS vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter...
CVE-2006-5718
Cross-site scripting XSS vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter...
DEBIAN-CVE-2006-5718
Cross-site scripting XSS vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter...
CVE-2006-5718
Cross-site scripting XSS vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter...
CVE-2006-5718
CVE-2006-5718 is an XSS vulnerability in phpMyAdmin (versions 2.6.4–2.9.0.2) where UTF-7/US-ASCII data injected into error.php could be reflected in error messages. The issue affects phpMyAdmin installations using those versions; SUSE/NASL advisories note a patched package upgrading to 2.9.1.1 th...
CVE-2006-5718
Cross-site scripting XSS vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter...
Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: phpMyAdmin - error.php XSS Vulnerability Release Date: 2006/11/02 Last Modified: 2006/11/02 Author: Stefan Esser [email protected] Application: phpMyAdmin = 2.9.0.2...
[Full-disclosure] Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: phpMyAdmin - error.php XSS Vulnerability Release Date: 2006/11/02 Last Modified: 2006/11/02 Author: Stefan Esser [email protected] Application: phpMyAdmin = 2.9.0.2...
XSS vulnerability
PMASA-2006-6 Announcement-ID: PMASA-2006-6 Date: 2006-11-01 Summary XSS vulnerability Description We received a security advisory from Stefan Esser [email protected] and we wish to thank him for his work. It was possible to produce XSS via a special URL containing UTF-7 codes Severity We...
Debian DSA-880-1 : phpmyadmin - several vulnerabilities
Several cross-site scripting vulnerabilities have been discovered in phpmyadmin, a set of PHP-scripts to administrate MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2869 Andreas Kerber and Michal Cihar discovered several...