PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification

No description provided by source. PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification Credits: Emanuele 'emgent' Gentili [email protected] Marco 'whitesheep' Rondini [email protected] Alessandro 'scox' Scoscia [email protected] In error.php, PhpMyAdmi...

phpMyAdmin 2.6 select_server.lib.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generat...

phpMyAdmin 2.6 display_tbl_links.lib.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generat...

PHPMyAdmin 2.x Error.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14675/info phpMyAdmin is prone to a cross-site scripting vulnerability. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the software. Such an attack would require that...

phpMyAdmin 2.6 theme_right.css.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generat...

phpMyAdmin 2.6 - Multiple Local File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12645/info phpMyAdmin is affected by multiple local file include vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in a PHP 'include',...

phpMyAdmin 2.6 theme_left.css.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generat...

phpMyAdmin 3.1.0 - (CSRF) SQL Injection Vulnerability

No description provided by source. Written by Michael Brooks Special Thanks to str0ke and rGod Intro: phpMyAdmin is by far the most popular PHP project. Between phpmyadmin and the xampp project there are more than 34+ million downloads from sourceforge.net . This exploit was released along side...

XAMPP 3.2.1 & phpMyAdmin 4.1.6 - Multiple Vulnerabilities

No description provided by source. Title: XAMPP 3.2.1 & phpMyAdmin 4.1.6 = multiple vulnerabilities Date: 6/04/2014 Author: hackerDesk Software Link: http://www.apachefriends.org/en/xampp-windows.html Version: 3.2.1 & 4.1.6 Tested on: Windows 7 CVE : kuDos tO: Mayank Kapoor@wHys0SerI0s Sujoy...

PhpMyAdmin Config File Code Injection

漏洞位置在scripts/setup.php 1315行开始： case 'save': $config = @fopen'./config/config.inc.php', 'w'; //以写的方式打开 if $config === FALSE message'error', 'Could not open config file for writing! Bad permissions?'; break; $s = getcfgstring$configuration; //$configuration = unserialize$POST'configuration'; $r =...

phpMyAdmin 2.6.3-pl1 Cross Site Scripting and Full Path

No description provided by source. Exploit Title: phpMyAdmin 2.6.3-pl1 Cross Site Scripting and Full Path Disclosure. Date: 20/04/10 Author: cp77fk4r | empty0pageSHIFT+2gmail.com | www.DigitalWhisper.co.il Software Link: www.phpmyadmin.net | http://www.phpmyadmin.net/homepage/downloads.php Versio...

phpMyAdmin <= 3.3.0 'db' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35531/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of a...

phpMyAdmin 3.3.x & 3.4.x - Local File Inclusion via XXE Injection

No description provided by source. Exploit Title: poc-phpmyadmin-local-file-inclusion-via-xxe-injection Date: 12-01-2012 Author: Marco Batista Blog Link: http://www.secforce.com/blog/2012/01/cve-2011-4107-poc-phpmyadmin-local-file-inclusion-via-xxe-injection/ Tested on: Windows and Linux -...

phpMyAdmin <= 3.0.1 'pmd_pdf.php' Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31928/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of a...

phpMyAdmin <= 2.11.1 Setup.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26020/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

phpDEV5 - Remote Default Insecure Users Vuln

No description provided by source. ------------------------------------------------------------------------ PHPDev5 Remote Insecure Default Users & Passwords vuln. By : Ali7 e-mail : [email protected] date : 09-03-2k5 greetz : all my friends ; AlkaeN ; s4a.cc boyz ; Target : PHPDev 5 URL :...

Portable phpMyAdmin Wordpress Plugin Authentication Bypass

No description provided by source. 'portable-phpMyAdmin WordPress Plugin' Authentication Bypass CVE-2012-5469 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- portable-phpMyAdmin doesn't verify an existing WordPress session privileged or not when...

phpMyAdmin 3.5.8 and 4.0.0-RC2 - Multiple Vulnerabilities

No description provided by source. waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind waraxe Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html...

phpMyAdmin 2.x Export.PHP File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9564/info phpMyAdmin is prone to a vulnerability that may permit remote attackers to gain access to files that are readable by the hosting web server. The issue is reported to exist in the 'export.php' script and may be...

XAMPP Insecure Default Password Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13131/info An insecure default password disclosure vulnerability affects XAMPP. This issue is due to a failure of the application to properly secure access to default passwords. An attacker may leverage this issue to gain...