
4627 matches found

Prion
added 2012/10/25 10:51 a.m., 15 views

Cross site scripting

phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code...

4.3 CVSS, 5.8 AI score, 0.00425 EPSS
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2012/10/25 10:0 a.m., 25 views

CVE-2012-5339

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger...

5.1 AI score, 0.00208 EPSS
Exploits: 1, References: 5
Cvelist
added 2012/10/25 10:0 a.m., 22 views

CVE-2012-5368

phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code...

5.3 AI score, 0.00425 EPSS
Exploits: 0, References: 5
CVE
added 2012/10/25 10:0 a.m., 59 views

CVE-2012-5339

CVE-2012-5339 concerns phpMyAdmin 3.5.x before 3.5.3, with multiple XSS flaws that allow remote authenticated users to inject arbitrary script via crafted names of (1) an event, (2) a procedure, or (3) a trigger. The affected product/version is phpMyAdmin 3.5.x prior to 3.5.3; advisories indicate...

3.5 CVSS, 5.1 AI score, 0.00208 EPSS
Exploits: 1, References: 5, Affected Software: 1
CVE
added 2012/10/25 10:0 a.m., 50 views

CVE-2012-5368

CVE-2012-5368 affects phpMyAdmin 3.5.x before 3.5.3. An underlying root cause is that the JavaScript code loaded from phpmyadmin.net over non-SSL sessions can be modified in transit, enabling cross-site scripting (XSS) via MITM. Exploitation details are not provided in the documents. The practica...

4.3 CVSS, 5.4 AI score, 0.00425 EPSS
Exploits: 0, References: 5, Affected Software: 1
Debian CVE
added 2012/10/25 10:0 a.m., 22 views

CVE-2012-5368

phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code...

4.3 CVSS, 5.5 AI score, 0.00425 EPSS
Exploits: 0
Debian CVE
added 2012/10/25 10:0 a.m., 26 views

CVE-2012-5339

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger...

3.5 CVSS, 5.3 AI score, 0.00208 EPSS
Exploits: 1
myhack58
added 2012/10/25 12:0 a.m., 28 views

Oracle database login authentication bypass - vulnerability warning - the black bar safety net

This is somewhat similar to the phpMyAdmin verification bypass from a while back. An attacker can exploit this vulnerability to bypass the authentication process and gain unauthorized access to the database. #-*-coding:utf8 -*- import hashlib from Crypto.Cipher import AES def...

1.3 AI score
Exploits: 0
Tenable Nessus
added 2012/10/23 12:0 a.m., 60 views

phpMyAdmin 3.5.x < 3.5.3 Multiple Vulnerabilities (PMASA-2012-6 - PMASA-2012-7)

According to its self-identified version number, the phpMyAdmin 3.5.x install hosted on the remote web server is earlier than 3.5.3 and is, therefore, affected by multiple vulnerabilities : - When creating or modifying a trigger, event, or procedure with a crafted name, it is possible for a user ...

4.3 CVSS, 7.9 AI score, 0.00425 EPSS
Exploits: 1, References: 4
myhack58
added 2012/10/22 12:0 a.m., 17 views

phpMyAdmin 3.5.x HTML injection vulnerability - vulnerability warning - the black bar safety net

Vulnerability version: phpMyAdmin 3.5.x Vulnerability description: Bugtraq ID: 55925 CVE ID: CVE-2012-5339 phpMyAdmin is a PHP-based MySQL management program. The phpMyAdmin Trigger, Procedure and Event pages do not correctly escape HTML output; when a special name is used in creating/modifying a trigger...

0.2 AI score
Exploits: 0
OpenVAS
added 2012/10/22 12:0 a.m., 37 views

FreeBSD Ports: phpMyAdmin

The remote host is missing an update to the system as announced in the referenced advisory. VID ef417da3-1640-11e2-999b-e0cb4e266481 OpenVAS Vulnerability Test $ Description: Auto generated from VID ef417da3-1640-11e2-999b-e0cb4e266481 Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...

4.3 CVSS, 6.4 AI score, 0.00425 EPSS
Exploits: 1
OpenVAS
added 2012/10/22 12:0 a.m., 18 views

FreeBSD Ports: phpMyAdmin

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

4.3 CVSS, 6.3 AI score, 0.00425 EPSS
Exploits: 1, References: 3
seebug.org
added 2012/10/16 12:0 a.m., 59 views

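phpMyAdmin 3.5.x HTML Injection Vulnerability

Bugtraq ID: 55925 CVE ID: CVE-2012-5339 phpMyAdmin is a PHP-based MySQL administration program. The phpMyAdmin Trigger, Procedure and Event pages do not correctly escape HTML output; creating/modifying a trigger, event or procedure with a special name can trigger a cross-site scripting attack, which can be used to obtain sensitive information or hijack user sessions. 0 phpMyAdmin 3.5.x Vendor solution: phpMyAdmin 3.5.3 fixes this vulnerability; users are advised to download and use it: http://www.phpmyadmin.net/...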

3.5 CVSS, 6.5 AI score, 0.00208 EPSS
Exploits: 1
Fedora
added 2012/10/15 4:27 a.m., 26 views

[SECURITY] Fedora 18 Update: phpMyAdmin-3.5.3-1.fc18

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

1.3 AI score
Exploits: 0
Tenable Nessus
added 2012/10/15 12:0 a.m., 23 views

FreeBSD : phpMyAdmin -- Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack (ef417da3-1640-11e2-999b-e0cb4e266481)

The phpMyAdmin development team reports : When creating/modifying a trigger, event or procedure with a crafted name, it is possible to trigger an XSS. To display information about the current phpMyAdmin version on the main page, a piece of JavaScript is fetched from the phpmyadmin.net website in...

4.3 CVSS, 8.1 AI score, 0.00425 EPSS
Exploits: 1, References: 5
Tenable Nessus
added 2012/10/15 12:0 a.m., 16 views

Fedora 18 : phpMyAdmin-3.5.3-1.fc18 (2012-15691)

phpMyAdmin 3.5.3.0 2012-10-08 =============================== - interface Browse mode 'Show' button gives blank page if no results anymore - interface Copy Database Ajax feedback vanishes long before copying is done - interface GC-maxlifetime warning incorrectly displayed - interface Search fails...

5.6 AI score
Exploits: 0, References: 3
phpMyAdmin
added 2012/10/12 12:0 a.m., 31 views

Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages.

PMASA-2012-6 Announcement-ID: PMASA-2012-6 Date: 2012-10-12 Summary Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages. Description When creating/modifying a trigger, event or procedure with a crafted name, it is possible to trigger an XSS. Severity We consider these...

3.5 CVSS, 7.1 AI score, 0.00208 EPSS
Exploits: 1, Affected Software: 1
phpMyAdmin
added 2012/10/12 12:0 a.m., 32 views

Fetching the version information from a non-SSL site is vulnerable to a MITM attack.

PMASA-2012-7 Announcement-ID: PMASA-2012-7 Date: 2012-10-12 Summary Fetching the version information from a non-SSL site is vulnerable to a MITM attack. Description To display information about the current phpMyAdmin version on the main page, a piece of JavaScript is fetched from the phpmyadmin.n...

4.3 CVSS, 7.2 AI score, 0.00425 EPSS
Exploits: 0, Affected Software: 1
Exploit DB
added 2012/10/10 12:0 a.m., 70 views

phpMyAdmin 3.5.2.2 - 'server_sync.php' Backdoor (Metasploit)

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'phpMyAdmin 3.5.2.2 serversync.ph...

7.4 AI score
Exploits: 0
FreeBSD
added 2012/10/08 12:0 a.m., 25 views

phpMyAdmin -- Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack

The phpMyAdmin development team reports: When creating/modifying a trigger, event or procedure with a crafted name, it is possible to trigger an XSS. To display information about the current phpMyAdmin version on the main page, a piece of JavaScript is fetched from the phpmyadmin.net website in...

5.9 AI score
Exploits: 0, References: 2