PHPMyAdmin 2.x Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7963/info A vulnerability has been reported for phpMyAdmin that may reveal the contents of directories to remote attackers. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically,...

PHPMyAdmin 2.x Error.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14675/info phpMyAdmin is prone to a cross-site scripting vulnerability. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the software. Such an attack would require that...

Portable phpMyAdmin Wordpress Plugin Authentication Bypass

No description provided by source. 'portable-phpMyAdmin WordPress Plugin' Authentication Bypass CVE-2012-5469 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- portable-phpMyAdmin doesn't verify an existing WordPress session privileged or not when...

phpMyAdmin 2.6 theme_right.css.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generat...

plexusCMS 0.5 - XSS Remote Shell Exploit & Credentials Leak

No description provided by source. Exploit Title: plexusCMS 0.5 XSS Remote Shell Exploit Google Dork: allinurl: plx-storage Date: 22.02.2013 Exploit Author: neglomaniac Vendor Homepage: http://plexus-cms.org/ Version: 0.5 --- FILES backdoor.php simple commend execute backdoor commands.txt list of...

phpMyAdmin <= 3.2 - 'server_databases.php' Remote Command Execution Vulnerability

phpMyAdmin 'serverdatabases.php' 远程命令执行漏洞 受影响的系统 Typo3 phpMyAdmin 3.2 Typo3 phpMyAdmin 3.0.1 Typo3 phpMyAdmin 3.0 Typo3 phpMyAdmin 0.2.2 Turbolinux Appliance Server 3.0 x64 Turbolinux Appliance Server 3.0 SuSE openSUSE 10.3 S.u.S.E. openSUSE 11.1 S.u.S.E. openSUSE 11.0 phpMyAdmin phpMyAdmin 2.11....

phpMyAdmin 3.1.0 - (CSRF) SQL Injection Vulnerability

No description provided by source. Written by Michael Brooks Special Thanks to str0ke and rGod Intro: phpMyAdmin is by far the most popular PHP project. Between phpmyadmin and the xampp project there are more than 34+ million downloads from sourceforge.net . This exploit was released along side...

phpMyAdmin 3.5.2.2 server_sync.php Backdoor

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit...

pMyAdmin 3.3.5.1 'db_create.php' Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/38707/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of a...

pmaPWN! - phpMyAdmin Code Injection RCE Scanner & Exploit

No description provided by source. ?php $list = array '/phpmyadmin/', '/phpMyAdmin/', '/PMA/', '/pma/', '/admin/', '/dbadmin/', '/mysql/', '/myadmin/', '/phpmyadmin2/', '/phpMyAdmin2/', '/phpMyAdmin-2/', '/php-my-admin/', '/phpMyAdmin-2.2.3/', '/phpMyAdmin-2.2.6/', '/phpMyAdmin-2.5.1/',...

phpMyAdmin 2.6.3-pl1 Cross Site Scripting and Full Path

No description provided by source. Exploit Title: phpMyAdmin 2.6.3-pl1 Cross Site Scripting and Full Path Disclosure. Date: 20/04/10 Author: cp77fk4r | empty0pageSHIFT+2gmail.com | www.DigitalWhisper.co.il Software Link: www.phpmyadmin.net | http://www.phpmyadmin.net/homepage/downloads.php Versio...

phpMyAdmin <= 3.0.1 'pmd_pdf.php' Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31928/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of a...

XAMPP Insecure Default Password Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13131/info An insecure default password disclosure vulnerability affects XAMPP. This issue is due to a failure of the application to properly secure access to default passwords. An attacker may leverage this issue to gain...

phpMyAdmin 2.6 select_server.lib.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generat...

PhpMyAdmin Config File Code Injection

漏洞位置在scripts/setup.php 1315行开始： case 'save': $config = @fopen'./config/config.inc.php', 'w'; //以写的方式打开 if $config === FALSE message'error', 'Could not open config file for writing! Bad permissions?'; break; $s = getcfgstring$configuration; //$configuration = unserialize$POST'configuration'; $r =...

PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification

No description provided by source. PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification Credits: Emanuele 'emgent' Gentili [email protected] Marco 'whitesheep' Rondini [email protected] Alessandro 'scox' Scoscia [email protected] In error.php, PhpMyAdmi...

phpMyAdmin <= 3.3.0 'db' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35531/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of a...

phpMyAdmin 2.6 - Multiple Local File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12645/info phpMyAdmin is affected by multiple local file include vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in a PHP 'include',...

phpMyAdmin 2.6 display_tbl_links.lib.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generat...

PhpMyAdmin 2.x sql.php pos Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. An attacker could...