6027 matches found
CVE-2006-2417
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031...
CVE-2006-2417
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031...
CVE-2006-2417
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031...
DEBIAN-CVE-2006-2417
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031...
DEBIAN-CVE-2006-2418
Cross-site scripting XSS vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts...
CVE-2006-2418
Cross-site scripting XSS vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts...
CVE-2006-2417
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031...
CVE-2006-2418
Cross-site scripting XSS vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts...
CVE-2006-2418
CVE-2006-2418 is an XSS flaw in phpMyAdmin (affected versions prior to the fixes mentioned in advisories) where an attacker can inject script via the db parameter in footer.inc.php. Connected documents corroborate multiple phpMyAdmin XSS issues and specify that Debian/Debian-based advisories (DSA...
CVE-2006-2417
CVE-2006-2417 describes an XSS vulnerability in phpMyAdmin 2.8.0.x prior to 2.8.0.4, where an attacker can inject arbitrary script/HTML via the theme parameter in certain scripts (lang parameter covered by CVE-2006-2031). The vulnerability is remote and could lead to script execution in the victi...
CVE-2006-2417
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031...
[SA20113] phpMyAdmin "theme" and "db" Cross-Site Scripting Vulnerabilities
TITLE: phpMyAdmin "theme" and "db" Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA20113 VERIFY ADVISORY: http://secunia.com/advisories/20113/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: phpMyAdmin 2.x http://secunia.com/product/1720/ DESCRIPTION:...
FreeBSD : phpmyadmin -- local file inclusion vulnerability (9b7053fd-3ab5-11da-9484-00123ffe8333)
A phpMyAdmin security announcement reports : In libraries/grabglobals.lib.php, the $redirect parameter was not correctly validated, opening the door to a local file inclusion attack. We consider this vulnerability to be serious. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...
FreeBSD : phpmyadmin -- register_globals emulation 'import_blacklist' manipulation (23afd91f-676b-11da-99f6-00123ffe8333)
Secunia reports : Stefan Esser has reported a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a vulnerable system. The vulnerability is caused due to an error in the registerglobals...
FreeBSD : phpmyadmin -- 'set_theme' XSS (7b55f5c2-c58b-11da-9110-00123ffe8333)
Secunia reports : A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the 'settheme' parameter isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HT...
FreeBSD : phpmyadmin -- XSS vulnerabilities (59ada6e5-676a-11da-99f6-00123ffe8333)
A phpMyAdmin security advisory reports : It was possible to conduct an XSS attack via the HTTPHOST variable; also, some scripts in the libraries directory that handle header generation were vulnerable to XSS. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
FreeBSD : phpmyadmin -- HTTP Response Splitting vulnerability (c55f9ed0-56a7-11da-a3f0-00123ffe8333)
A phpMyAdmin security advisory reports : Some scripts in phpMyAdmin are vulnerable to an HTTP Response Splitting attack. Severity : We consider these vulnerabilities to be serious. However, they can only be triggered on systems running with registerglobals = on. %NASLMINLEVEL 70300 C Tenable...
FreeBSD : phpmyadmin -- XSS vulnerabilities (fba75b43-c588-11da-9110-00123ffe8333)
phpMyAdmin security announcement : It was possible to conduct an XSS attack with a direct call to some scripts under the themes directory. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database :...
XSS vulnerabilities
PMASA-2006-2 Announcement-ID: PMASA-2006-2 Date: 2006-05-12 Summary XSS vulnerabilities Description 1. It was possible to conduct an XSS attack with a crafted lang or theme parameter. 2. The db parameter was also vulnerable to an XSS attack. Severity We consider these vulnerabilities to be...
CVE-2006-2031
Cross-site scripting XSS vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter...