6016 matches found
CVE-2004-1055
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the PmaAbsoluteUri parameter, 2 the zerorows parameter in readdump.php, 3 the confirm form, or 4 an error message generated by the internal...
CVE-2004-1055
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the PmaAbsoluteUri parameter, 2 the zerorows parameter in readdump.php, 3 the confirm form, or 4 an error message generated by the internal...
DEBIAN-CVE-2004-1055
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the PmaAbsoluteUri parameter, 2 the zerorows parameter in readdump.php, 3 the confirm form, or 4 an error message generated by the internal...
CVE-2005-0567
CVE-2005-0567 affects phpMyAdmin 2.6.1 with multiple remote file inclusion vulnerabilities. An attacker can modify the theme parameter to phpmyadmin.css.php or the cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote server, enabling execution of arbitrary...
CVE-2005-0567
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the 1 theme parameter to phpmyadmin.css.php or 2 cfgServerextension parameter to databaseinterface.lib.php to reference a URL on a remote web server that contai...
CVE-2005-0567
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the 1 theme parameter to phpmyadmin.css.php or 2 cfgServerextension parameter to databaseinterface.lib.php to reference a URL on a remote web server that contai...
phpMyAdmin261.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4 Author: Maksymilian Arciemowicz cXIb8O3 Date: 24.2.2005 - --- 0.Description --- phpMyAdmin 2.6.1 is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently i...
Path disclosure
PMASA-2005-2 Announcement-ID: PMASA-2005-2 Date: 2005-02-26 Summary Path disclosure Description By calling some scripts that are part of phpMyAdmin in an unexpected way especially scripts in the libraries subdirectory, it is possible to trigger phpMyAdmin to display a PHP error message which...
phpMyAdmin < 2.6.1 pl1 Multiple Script File Inclusions
The installed version of phpMyAdmin suffers from multiple local file include flaws due to its failure to sanitize user input prior to its use in PHP 'include' and 'requireonce' calls. Specifically, a remote attacker can control values for the 'GLOBALScfgThemePath' parameter used in...
A variable injection vulnerability was found in phpMyAdmin, that may allow an attacker to conduct Cross-site scripting (XSS) attacks and / or perform remote file inclusion.
PMASA-2005-1 Announcement-ID: PMASA-2005-1 Date: 2005-02-25 Summary A variable injection vulnerability was found in phpMyAdmin, that may allow an attacker to conduct Cross-site scripting XSS attacks and / or perform remote file inclusion. Description We received two bug reports by Maksymilian...
phpMyAdmin < 2.6.1 pl2 Libraries and Themes Multiple XSS
The installed version of phpMyAdmin suffers from multiple cross-site scripting vulnerabilities due to its failure to sanitize user input in several PHP scripts used as libraries and themes. A remote attacker may use these issues to cause arbitrary code to be executed in a user's browser, to steal...
[SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4 Author: Maksymilian Arciemowicz cXIb8O3 Date: 24.2.2005 - --- 0.Description --- phpMyAdmin 2.6.1 is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently i...
phpMyAdmin Detection
The remote host is running phpMyAdmin, a web-based MySQL administration tool written in PHP. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid17219; scriptversion"1.29"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01";...
CVE-2005-0543
CVE-2005-0543 = cross-site scripting in phpMyAdmin 2.6.1. Vulnerable via parameters in select_server.lib.php (strServer, cfg[BgcolorOne], strServerChoice), display_tbl_links.lib.php (bg_color, row_no), left_font_family/theme_left.css.php, and right_font_family/theme_right.css.php. Causes remote H...
CVE-2005-0543
Cross-site scripting XSS vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via 1 the strServer, cfgBgcolorOne, or strServerChoice parameters in selectserver.lib.php, 2 the bgcolor or rowno parameters in displaytbllinks.lib.php, the leftfontfamily...
CVE-2005-0544
phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to 1 sqlvalidator.lib.php, 2 sqlparser.lib.php, 3 selecttheme.lib.php, 4 selectlang.lib.php, 5 relationcleanup.lib.php, 6 headermetastyle.inc.php, 7 getforeign.lib.php, 8 displaytbllinks.lib.php, 9...
CVE-2005-0544
phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to 1 sqlvalidator.lib.php, 2 sqlparser.lib.php, 3 selecttheme.lib.php, 4 selectlang.lib.php, 5 relationcleanup.lib.php, 6 headermetastyle.inc.php, 7 getforeign.lib.php, 8 displaytbllinks.lib.php, 9...
CVE-2005-0543
Cross-site scripting XSS vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via 1 the strServer, cfgBgcolorOne, or strServerChoice parameters in selectserver.lib.php, 2 the bgcolor or rowno parameters in displaytbllinks.lib.php, the leftfontfamily...
CVE-2005-0543
Cross-site scripting XSS vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via 1 the strServer, cfgBgcolorOne, or strServerChoice parameters in selectserver.lib.php, 2 the bgcolor or rowno parameters in displaytbllinks.lib.php, the leftfontfamily...
CVE-2005-0544
CVE-2005-0544 concerns phpMyAdmin 2.6.1. The affected component is phpMyAdmin’s web interface, where direct requests to 15 internal library/ini files (e.g., sqlvalidator.lib.php, select_lang.lib.php, setup.php, cookie.auth.lib.php, etc.) can trigger error messages that leak the server’s full path...