[SECURITY] Fedora 19 Update: phpMyAdmin-3.5.8-1.fc19
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
FreeBSD : phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page (7280c3f6-a99a-11e2-8cef-6805ca0b3d42)
The phpMyAdmin development team reports: When modifying a URL parameter with a crafted value it is possible to trigger an XSS. These XSS can only be triggered when a valid database is known and when a valid cookie token is used. (C) Tenable Network Security, Inc. The descriptiv...
[SECURITY] Fedora 17 Update: phpMyAdmin-3.5.8-1.fc17
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
[SECURITY] Fedora 18 Update: phpMyAdmin-3.5.8-1.fc18
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2013:144)
Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter (CVE-2013-1937). This upgrade provides th...
XSS due to unescaped HTML output in GIS visualisation page.
PMASA-2013-1. Announcement-ID: PMASA-2013-1. Date: 2013-04-18. Summary: XSS due to unescaped HTML output in GIS visualisation page. Description: When modifying a URL parameter with a crafted value it is possible to trigger an XSS. Severity: We consider this vulnerability to be non critical. Mitigation...
phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page
The phpMyAdmin development team reports: When modifying a URL parameter with a crafted value it is possible to trigger an XSS. These XSS can only be triggered when a valid database is known and when a valid cookie token is used...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this ...
CVE-2013-1937
Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this ...
CVE-2013-1937
CVE-2013-1937 corresponds to multiple Cross-Site Scripting (XSS) vulnerabilities in phpMyAdmin. The public advisory notes an XSS flaw in tbl_gis_visualization.php within phpMyAdmin 3.5.x before 3.5.8, exploitable via the visualizationSettings[width] or visualizationSettings[height] parameters, po...
CVE-2013-1937
Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this ...
CVE-2013-1937
Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this ...
PT-2013-3479 · Phpmyadmin · Phpmyadmin
Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 3.5.x through 3.5.7. Description: Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2)...
phpMyAdmin 3.5.7 Cross Site Scripting Vulnerability
phpMyAdmin version 3.5.7 suffers from a reflective cross site scripting vulnerability. Reflected XSS in phpMyAdmin 3.5.7. Author: Janek Vind "waraxe". Date: 09. April 2013. Location: Estonia, Tartu. Web: http://www.waraxe.us/advisory-102.html...
phpMyAdmin 3.5.7 Cross Site Scripting
waraxe-2013-SA102 - Reflected XSS in phpMyAdmin 3.5.7. Author: Janek Vind "waraxe". Date: 09. April 2013. Location: Estonia, Tartu. Web: http://www.waraxe.us/advisory-102.html Description of vulnerable software: phpMyAdmi...
phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/58962/info phpMyAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in...
phpMyAdmin - tbl_gis_visualization.php Multiple Cross-Site Scripting Vulnerabilities
phpMyAdmin - tbl_gis_visualization.php Multiple Cross-Site Scripting Vulnerabilities. source: https://www.securityfocus.com/bid/58962/info phpMyAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage thes...
Portable phpMyAdmin Plugin for WordPress 'wp-pma-mod' Authentication Bypass
The Portable phpMyAdmin Plugin for WordPress installed on the remote host is affected by an authentication bypass vulnerability because the /wp-pma-mod/ path fails to properly authorize users. This may allow an attacker to bypass access restrictions and gain access to the administrative console to...
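ShopEx: weak phpMyAdmin password on a site sharing the same IP
Brief description: A site on the same IP as the ShopEx site has a weak phpMyAdmin password. If someone staked it out over a long period, ShopEx could end up compromised! Details: I was bored today and scanned ShopEx to see whether it had any holes, and found that a DEDE admin backend exists. I tried all kinds of EXPs from the web with no result, so I went straight at phpMyAdmin. Trying all sorts of weak-password combinations got nowhere, then I had a flash of inspiration and got in using the site's domain name with the www. and .com removed. Proof of vulnerability: phpMyAdmin backend, DEDE backend, one-liner...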
Phpmyadmin Backdoor RCE
PhpMyAdmin Backdoor Arbitrary Command Execution Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...