phpMyAdmin < 2.6.0-pl3 XSS Vulnerability

phpMyAdmin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

[SECURITY] [DSA 880-1] New phpmyadmin packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 880-1 [email protected] http://www.debian.org/security/ Martin Schulze November 2nd, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 880-1] New phpmyadmin packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 880-1 [email protected] http://www.debian.org/security/ Martin Schulze November 2nd, 2005 http://www.debian.org/security/faq -...

DSA-880-1 phpmyadmin - several

Bulletin has no description...

phpMyAdmin 2.7 - &#039;sql.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/17487/info PHPMyAdmin is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser o...

phpMyAdmin 2.7 - sql.php Cross-Site Scripting

phpMyAdmin 2.7 - sql.php Cross-Site Scripting source: https://www.securityfocus.com/bid/17487/info PHPMyAdmin is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

GLSA-200510-21 : phpMyAdmin: Local file inclusion and XSS vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200510-21 phpMyAdmin: Local file inclusion and XSS vulnerabilities Stefan Esser discovered that by calling certain PHP files directly, it was possible to workaround the grabglobals.lib.php security model and overwrite the $cfg...

phpMyAdmin < 2.6.4-pl3 Multiple Vulnerabilities

The version of phpMyAdmin installed on the remote host is affected by a local file inclusion vulnerability that can be exploited by an unauthenticated attacker to read arbitrary files, and possibly even to execute arbitrary PHP code on the affected host subject to the permissions of the web serve...

phpMyAdmin: Local file inclusion and XSS vulnerabilities

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Stefan Esser discovered that by calling certain PHP files directly, it was possible to workaround the grabglobals.lib.php security model and overwrite the $cfg configuration...

CVE-2005-3301

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to 1 left.php, 2 queryframe.php, or 3 serverdatabases.php...

CVE-2005-3301

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to 1 left.php, 2 queryframe.php, or 3 serverdatabases.php...

CVE-2005-3301

phpMyAdmin prior to 2.6.4-pl3 contains multiple cross-site scripting (XSS) vulnerabilities (notably CVE-2005-3301) exploitable via left.php, queryframe.php, and server_databases.php. Some issues also involve unsafe handling in grab_globals.php (CVE-2005-3300) and related cookie/login error-page p...

CVE-2005-3301

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to 1 left.php, 2 queryframe.php, or 3 serverdatabases.php...

CVE-2005-3301

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to 1 left.php, 2 queryframe.php, or 3 serverdatabases.php...

CVE-2005-3299

PHP file inclusion vulnerability in grabglobals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $redirect parameter, possibly involving the subform array...

CVE-2005-3300

The registerglobals emulation layer in grabglobals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use...

CVE-2005-3299

PHP file inclusion vulnerability in grabglobals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $redirect parameter, possibly involving the subform array...

CVE-2005-3300

The registerglobals emulation layer in grabglobals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use...

CVE-2005-3299

The CVE-2005-3299 entry describes a PHP file inclusion (local inclusion) vulnerability in phpMyAdmin 2.6.4 and 2.6.4-pl1, caused by improper validation of the $__redirect parameter in libraries/grab_globals.lib.php, potentially involving the subform array. This allows remote attackers to include ...

CVE-2005-3300

CVE-2005-3300 affects phpMyAdmin prior to 2.6.4-pl3. The issue is in the register_globals emulation layer (grab_globals.php): it does not perform safety checks on values in the _FILES array for uploaded files, which could allow a remote attacker to induce phpMyAdmin to include an arbitrary local ...