CVE-2004-1148

phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sqllocalfile parameter...

CVE-2004-1148

CVE-2004-1148 affects phpMyAdmin releases prior to 2.6.1 when UploadDir is enabled. The underlying issue lets an attacker read arbitrary files via the sql_localfile parameter, constituting a file-disclosure vulnerability with partial confidentiality impact (CVSS base 5.0). Public references indic...

CVE-2004-1148

phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sqllocalfile parameter...

Multiple vulnerabilities in phpMyAdmin

Exaprobe www.exaprobe.com Security Advisory Advisory Name: Multiple vulnerabilities in phpMyAdmin Release Date: 13 December 2004 Application: phpMyAdmin prior to 2.6.1-rc1 Platform: Any webserver running PHP Severity: Remote code execution Author: Nicolas Gregoire [email protected] Vendor...

phpmyadmin -- file disclosure vulnerability

A phpMyAdmin security announcement reports: File disclosure: on systems where the UploadDir mecanism is active, readdump.php can be called with a crafted form; using the fact that the sqllocalfile variable is not sanitized can lead to a file disclosure. Enabling PHP safe mode on the server can be...

Two vulnerabilities were found in phpMyAdmin, that may allow command execution and file disclosure.

PMASA-2004-4 Announcement-ID: PMASA-2004-4 Date: 2004-12-13 Summary Two vulnerabilities were found in phpMyAdmin, that may allow command execution and file disclosure. Description We received a security advisory from Nicolas Gregoire exaprobe.com about those vulnerabilities and we wish to thank h...

phpmyadmin -- command execution vulnerability

A phpMyAdmin security announcement reports: Command execution: since phpMyAdmin 2.6.0-pl2, on a system where external MIME-based transformations are activated, an attacker can put into MySQL data an offensive value that starts a shell command when browsed. Enabling PHP safe mode on the server can...

phpMyAdmin 2.x - External Transformations Remote Command Execution

source: https://www.securityfocus.com/bid/11886/info phpMyAdmin is reported prone to multiple remote vulnerabilities. These issues can allow remote attackers to execute arbitrary commands and disclose files on a vulnerable computer. These issues result from insufficient sanitization of...

phpMyAdmin 2.x - External Transformations Remote Command Execution

phpMyAdmin 2.x - External Transformations Remote Command Execution source: https://www.securityfocus.com/bid/11886/info phpMyAdmin is reported prone to multiple remote vulnerabilities. These issues can allow remote attackers to execute arbitrary commands and disclose files on a vulnerable compute...

phpMyAdmin < 2.6.1-rc1 Multiple Remote Vulnerabilities

According to its banner, the remote version of phpMyAdmin is vulnerable to one or both of the following flaws : - An attacker may be able to exploit this software to execute arbitrary commands on the remote host on a server which does not run PHP in safe mode. - An attacker may be able to read...

phpMyAdmin < 2.6.1-pl1 RCE

Binary data 2452.prm...

GLSA-200411-36 : phpMyAdmin: Multiple XSS vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200411-36 phpMyAdmin: Multiple XSS vulnerabilities Cedric Cochin has discovered multiple cross-site scripting vulnerabilities in phpMyAdmin. These vulnerabilities can be exploited through the PmaAbsoluteUri parameter, the zerorows...

phpMyAdmin: Multiple XSS vulnerabilities

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description Cedric Cochin has discovered multiple cross-site scripting vulnerabilities in phpMyAdmin. These vulnerabilities can be exploited through the PmaAbsoluteUri...

CVE-2004-1055

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the PmaAbsoluteUri parameter, 2 the zerorows parameter in readdump.php, 3 the confirm form, or 4 an error message generated by the internal...

CVE-2004-1055

CVE-2004-1055 covers multiple XSS vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier. The flaws allow remote attackers to inject arbitrary script/html via (1) PmaAbsoluteUri, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal php...

CVE-2004-1055

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the PmaAbsoluteUri parameter, 2 the zerorows parameter in readdump.php, 3 the confirm form, or 4 an error message generated by the internal...

phpMyAdmin < 2.2.1 'sql.php' Arbitrary File Access

Binary data 2418.prm...

phpMyAdmin < 2.6.0-p12 Multiple RCE

Binary data 2421.prm...

phpMyAdmin Unsupported Version Detection

Binary data 2416.prm...

phpMyAdmin < 2.5.6-rc1 Arbitrary File Access

Binary data 2419.prm...