CVE-2006-1678

phpMyAdmin is affected by CVE-2006-1678 (XSS via themes directory) in versions prior to 2.8.0.3. The OpenVAS/OpenVAS-related Debian advisories enumerate multiple CVEs including CVE-2006-1678 and describe remote XSS risks. Affected software: phpMyAdmin; root cause: cross-site scripting via scripts...

[SA19556] phpMyAdmin Cross-Site Scripting Vulnerabilities

TITLE: phpMyAdmin Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA19556 VERIFY ADVISORY: http://secunia.com/advisories/19556/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: phpMyAdmin 2.x http://secunia.com/product/1720/ phpMyAdmin 1.x...

XSS vulnerabilities

PMASA-2006-1 Announcement-ID: PMASA-2006-1 Date: 2006-04-06 Summary XSS vulnerabilities Description It was possible to conduct an XSS attack with a direct call to some scripts under the themes directory. We wish to thank Toni Koivunen/CERT-FI for this advisory. Severity We consider these...

phpmyadmin -- XSS vulnerabilities

phpMyAdmin security announcement: It was possible to conduct an XSS attack with a direct call to some scripts under the themes directory...

CVE-2006-1258

Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the settheme parameter...

DEBIAN-CVE-2006-1258

Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the settheme parameter...

CVE-2006-1258

Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the settheme parameter...

CVE-2006-1258

Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the settheme parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the settheme parameter...

CVE-2006-1258

The CVE-2006-1258 entry describes a Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 that allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. Connected sources consistently identify the affected component as phpMyAdmin, with the vulnerability ...

CVE-2006-1258

Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the settheme parameter...

CVE-2006-1258

Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the settheme parameter...

[SA19277] phpMyAdmin "set_theme" Cross-Site Scripting

TITLE: phpMyAdmin "settheme" Cross-Site Scripting SECUNIA ADVISORY ID: SA19277 VERIFY ADVISORY: http://secunia.com/advisories/19277/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: phpMyAdmin 1.x http://secunia.com/product/1719/ phpMyAdmin 2.x...

phpmyadmin -- 'set_theme' Cross-Site Scripting

Secunia reports: A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "settheme" parameter isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTM...

phpMyAdmin 2.8.1 - Set_Theme Cross-Site Scripting

phpMyAdmin 2.8.1 - SetTheme Cross-Site Scripting source: https://www.securityfocus.com/bid/17142/info phpMyAdmin is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to hav...

phpMyAdmin 2.8.1 - Set_Theme Cross-Site Scripting

source: https://www.securityfocus.com/bid/17142/info phpMyAdmin is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser o...

SUSE-SA:2006:004: phpMyAdmin

The remote host is missing the patch for the advisory SUSE-SA:2006:004 phpMyAdmin. Stefan Esser discovered a bug in in the registerglobals emulation of phpMyAdmin that allowes to overwrite variables. An attacker could exploit the bug to ultimately execute code CVE-2005-4079. Additionally several...

phpMyAdminSQL.txt

phpMyAdmin serverprivileges.php SQL Injection Vulnerabilities. I. BACKGROUND phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. II. DESCRIPTION phpMyAdmin serverprivileges.php is prone to SQL Injection vulnerability. A remote attacker may execute...

CVE-2005-4450

CVE-2005-4450 describes a CSRF vulnerability in phpMyAdmin 2.7.0 where remote attackers can perform unauthorized actions as a logged-in user by exploiting a link or IMG tag to server_priv privileges.php using dbname and checkprivs. Related OSV/NVD entries also reference a tied SQL injection discu...

CVE-2005-4450

Cross-site request forgery CSRF vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to serverprivileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown,...