6017 matches found
CVE-2005-4079
The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables...
CVE-2005-4079
CVE-2005-4079 affects phpMyAdmin 2.7.0 rc1 via register_globals emulation: an attacker can modify import_blacklist in grab_globals.php to overwrite other variables, potentially leading to remote code execution or file inclusion in vulnerable setups. Several advisories note this as part of multipl...
Advisory 25/2005: phpMyAdmin Variables Overwrite Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: phpMyAdmin Variable Overwrite Vulnerability Release Date: 2005/12/07 Last Modified: 2005/12/07 Author: Stefan Esser [email protected] Application: phpMyAdmin 2.7.0-rc1...
phpMyAdmin < 2.7.0-pl1 Global Variable Overwrite
Binary data 3319.prm...
phpmyadmin -- register_globals emulation "import_blacklist" manipulation
Secunia reports: Stefan Esser has reported a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a vulnerable system. The vulnerability is caused due to an error in the register_globals...
Cross-Site Scripting, local and remote code execution vulnerabilities
PMASA-2005-9 Announcement-ID: PMASA-2005-9 Date: 2005-12-07 Summary Cross-Site Scripting, local and remote code execution vulnerabilities Description Two days after the release of version 2.7.0, we received a security advisory from Stefan Esser [email protected] and we wish to thank him for...
phpmyadmin -- XSS vulnerabilities
A phpMyAdmin security advisory reports: It was possible to conduct an XSS attack via the HTTP_HOST variable; also, some scripts in the libraries directory that handle header generation were vulnerable to XSS...
CVE-2004-2630
The CVE-2004-2630 entry affects phpMyAdmin, specifically the MIME transformation system (transformations/text_plain__external.inc.php) in versions 2.5.0 through 2.6.0-pl1. The root cause is a vulnerability in the MIME-based transformation subsystem that lets remote attackers execute arbitrary she...
CVE-2004-2631
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name...
CVE-2004-2630
The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors...
CVE-2004-2631
CVE-2004-2631 affects phpMyAdmin 2.5.1–2.5.7, where LeftFrameLight being FALSE enables eval injection in left.php, allowing remote attackers to execute arbitrary PHP code via a crafted table name. The issue is rated CVSS v2 base 7.5 (Network, Low attack complexity, no authentication). Connected a...
CVE-2004-2632
CVE-2004-2632 concerns phpMyAdmin versions 2.5.1 through 2.5.7. The vulnerability allows remote attackers to modify configuration settings using tampered $cfg['Servers'] variables, resulting in unauthorized access to MySQL servers. This is described in the CVE entry and corroborated by multiple s...
CVE-2004-2632
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables...
CVE-2005-3787
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog...
DEBIAN-CVE-2005-3787
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog...