6016 matches found
phpMyAdmin < 2.5.2 Multiple Vulnerabilities
phpMyAdmin < 2.6.0-p13 XSS
phpMyAdmin < 2.6.0-pl3 Multiple XSS
The version of phpMyAdmin installed on the remote host is vulnerable to cross-site scripting attacks through various parameters and scripts. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity. (C) Tenable Network Securit...
[SA13241] phpMyAdmin Cross-Site Scripting Vulnerabilities
TITLE: phpMyAdmin Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA13241 VERIFY ADVISORY: http://secunia.com/advisories/13241/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: phpMyAdmin 2.x http://secunia.com/product/1720/ DESCRIPTION: Cedric Cochin ha...
phpMyAdmin -- cross-site scripting vulnerabilities
Multiple cross-site scripting vulnerabilities, caused by improper input parameter sanitizing, were detected in phpMyAdmin, which may enable an attacker to do cross-site scripting attacks...
Multiple XSS vulnerabilities were found in phpMyAdmin that may allow an attacker to conduct cross-site scripting (XSS) attacks.
PMASA-2004-3 Announcement-ID: PMASA-2004-3 Date: 2004-11-18 Summary: Multiple XSS vulnerabilities were found in phpMyAdmin that may allow an attacker to conduct cross-site scripting (XSS) attacks. Description: We received a security advisory from Cedric Cochin netvigilance.com about those...
FreeBSD : phpmyadmin -- remote command execution vulnerability (143)
The following package needs to be updated: phpMyAdmin. This script has been deprecated by freebsdpkgfc07c9ca22ce11d9814e0001020eed82.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...
GLSA-200410-14 : phpMyAdmin: Vulnerability in MIME-based transformation system
The remote host is affected by the vulnerability described in GLSA-200410-14 phpMyAdmin: Vulnerability in MIME-based transformation system A defect was found in phpMyAdmin's MIME-based transformation system, when used with 'external' transformations. Impact : A remote attacker could exploit this...
phpMyAdmin: Vulnerability in MIME-based transformation system
Background phpMyAdmin is a popular web-based MySQL administration tool written in PHP. It allows users to browse and administer a MySQL database from a web-browser. Transformations are a phpMyAdmin feature allowing plug-ins to rewrite the contents of any column seen in phpMyAdmin's Browsing mode,...
phpMyAdmin < 2.6.0-pl2 Unspecified Arbitrary Command Execution
According to its banner, the remote version of phpMyAdmin is between 2.5.0 and 2.6.0-pl1. Such versions may allow an authenticated, remote attacker to run arbitrary commands subject to the privileges of the web server due to the way external MIME-based transformations are handled. Note that...
[SA12813] phpMyAdmin Unspecified Arbitrary Command Execution Vulnerability
TITLE: phpMyAdmin Unspecified Arbitrary Command Execution Vulnerability SECUNIA ADVISORY ID: SA12813 VERIFY ADVISORY: http://secunia.com/advisories/12813/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: phpMyAdmin 2.x http://secunia.com/product/1720/ DESCRIPTION: A...
When specifying specially formatted options to external MIME transformation, an attacker can execute any shell command restricted by privileges of httpd user.
PMASA-2004-2 Announcement-ID: PMASA-2004-2 Date: 2004-10-12 Summary When specifying specially formatted options to external MIME transformation, an attacker can execute any shell command restricted by privileges of httpd user. Description phpMyAdmin allows to use MIME transformations for displayi...
phpmyadmin -- remote command execution vulnerability
From the phpMyAdmin 2.6.0p2 release notes: If PHP is not running in safe mode, a problem in the MIME-based transformation system with an "external" transformation allows to execute any command with the privileges of the web server's user...
CVE-2004-0129
CVE-2004-0129: Directory traversal in phpMyAdmin export.php affects 2.5.5 and earlier; attackers can read arbitrary files via .. in the what parameter. Root cause: insufficient validation of the file path. Impact: potential exposure of server files; CVSS v2 base 5.0 per records. Patch/remediation...
CVE-2004-0129
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter...
GLSA-200407-22 : phpMyAdmin: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200407-22 phpMyAdmin: Multiple vulnerabilities Two serious vulnerabilities exist in phpMyAdmin. The first allows any user to alter the server configuration variables including host, name, and password by appending new settings to...
GLSA-200402-05 : phpMyAdmin < 2.5.6-rc1: possible attack against export.php
The remote host is affected by the vulnerability described in GLSA-200402-05 phpMyAdmin 2.5.6-rc1: possible attack against export.php One component of the phpMyAdmin software package export.php does not properly verify input that is passed to it from a remote user. Since the input is used to...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a popular, web-based MySQL administration tool written in PHP. It allows users to administer a MySQL database from a web-browser. Description Two serious vulnerabilities exist in phpMyAdmin. The first allows any user to alter the server configuration variables including...
FreeBSD : Remote code injection in phpMyAdmin (142)
The following package needs to be updated: phpMyAdmin. This script has been deprecated by freebsdpkg0d4c31accb9111d88898000d6111a684.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...