phpMyAdmin XSS Vulnerabilities, Transversal Directory Attack , Information Encoding Weakness and Path Disclosures
phpMyAdmin XSS Vulnerabilities, Transversal Directory Attack , Information Encoding Weakness and Path Disclosures -------------------- Product: phpMyAdmin Vendor: phpMyAdmin Development Team Versions: VULNERABLE - 2.5.2 CVS in Development - 2.5.x - 2.4.x - 2.3.x - 2.2.x - 2.1.x - 2.0.x - 1.x.x NO...
phpMyAdmin 2.x - Information Disclosure
source: https://www.securityfocus.com/bid/7963/info A vulnerability has been reported for phpMyAdmin that may reveal the contents of directories to remote attackers. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, dot-dot-slash '../' directory...
phpMyAdmin < 2.5.2 Multiple Vulnerabilities
The remote host is running a version of phpMyAdmin that is vulnerable to several attacks: - It may be tricked into disclosing the physical path of the remote PHP installation. - It is vulnerable to cross-site scripting that could allow an attacker to steal the cookies of your users. - It is...
Several security issues were reported to BugTraq mailing list. However most of these issues were already fixed some time ago.
PMASA-2003-1 Announcement-ID: PMASA-2003-1 Date: 2003-06-18 Summary Several security issues were reported to BugTraq mailing list. However most of these issues were already fixed some time ago. Description Reporter wrote that he found following issues within phpMyAdmin code each issue is followed...
phpMyAdmin 2.x - Information Disclosure
phpMyAdmin 2.x - Information Disclosure source: https://www.securityfocus.com/bid/7963/info A vulnerability has been reported for phpMyAdmin that may reveal the contents of directories to remote attackers. The vulnerability exists due to insufficient sanitization of user-supplied input...
phpMyAdmin sql.php Traversal Arbitrary File Access
It is possible to make the remote phpMyAdmin installation read arbitrary data on the remote host. An attacker may use this flaw to read arbitrary files that your web server has the right to access or execute arbitrary PHP code. (C) Tenable Network Security, Inc. Ref:...
CVE-2001-1060
phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php...
CVE-2001-1060
phpMyAdmin 2.2.0rc3 and earlier is affected by CVE-2001-1060. The vulnerability is tied to two PHP scripts, tbl_copy.php and tbl_rename.php, where eval is used on user-controlled values (strCopyTableOK and strRenameTableOK). An attacker can craft a URL that, under certain conditions (including th...
New command execution vulnerability in myPhpAdmin
--/ Product: phpMyAdmin versions <= 2.2.0rc3 --/ Problem: Arbitrary remote command execution --/ Severity: High --/ Author: Carl Livitt carl AT ititc DOT com --/ Date: 31 July 2001 ---------------------------------------------- History ------- Further to the excellent research done by Shaun Clowes...
(SRADV00008) Remote command execution vulnerabilities in phpMyAdmin and phpPgAdmin
================================================= Secure Reality Pty Ltd. Security Advisory 8 SRADV00008 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in phpMyAdmin and phpPgAdmin Released 2/7/2001 Vulnerable -...
phpMyAdmin 2.1.0 + world readable (apache) log files enable remote user to run arbitrary PHP Codes as apache user.
Note: sorry for my pity English. First of all, I want to ask a question: is it normal that if, in a MySQL query -via PHP-, I put "select from $table" . "files where ID=1" and I post table="atable ", MySQL considers the new query as a valid one so the final query will be "select from atable" ? It'...
CVE-2001-0478
Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script...
CVE-2001-0478
CVE-2001-0478 affects phpMyAdmin 2.2.0 and earlier. The vulnerability is a directory traversal in the sql.php parameter that allows a remote attacker to execute arbitrary code by supplying a .. path segment. Several sources corroborate arbitrary code execution or arbitrary file access via sql.php...
(SRPRE00001) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1
================================================= Secure Reality Pty Ltd. Security Pre-Advisory 1 SRPRE00001 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in phpMyAdmin and phpPgAdmin Released 23/4/2001 This is a...