CVE-2005-2869

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via 1 the Username to libraries/auth/cookie.auth.lib.php or 2 the error parameter to error.php...

CVE-2005-2869

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via 1 the Username to libraries/auth/cookie.auth.lib.php or 2 the error parameter to error.php...

[SA16605] phpMyAdmin Two Cross-Site Scripting Vulnerabilities

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

phpMyAdmin < 2.6.4-RC1 XSS (deprecated)

Binary data 3193.prm...

phpMyAdmin < 2.6.4 Multiple XSS

According to its banner, the version of phpMyAdmin installed on the remote host may suffer from two cross-site scripting vulnerabilities due to its failure to sanitize user input to the 'error' parameter of the 'error.php' script and in 'libraries/auth/cookie.auth.lib.php'. A remote attacker may...

phpMyAdmin 2.x - &#039;error.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/14675/info phpMyAdmin is prone to a cross-site scripting vulnerability. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the software. Such an attack would require that the victim follows a malicious li...

phpMyAdmin 2.x - error.php Cross-Site Scripting

phpMyAdmin 2.x - error.php Cross-Site Scripting source: https://www.securityfocus.com/bid/14675/info phpMyAdmin is prone to a cross-site scripting vulnerability. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the software. Such an attack woul...

FreeBSD : phpmyadmin -- XSS vulnerability (58247a96-01c8-11da-bc08-0001020eed82)

A phpMyAdmin security announcement reports : The convcharset parameter was not correctly validated, opening the door to a XSS attack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database :...

FreeBSD : phpmyadmin -- information disclosure vulnerability (a7062952-9023-11d9-a22c-0001020eed82)

A phpMyAdmin security announcement reports : By calling some scripts that are part of phpMyAdmin in an unexpected way especially scripts in the libraries subdirectory, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmi...

FreeBSD : phpmyadmin -- file disclosure vulnerability (9f0a405e-4edd-11d9-a9e7-0001020eed82)

A phpMyAdmin security announcement reports : File disclosure: on systems where the UploadDir mecanism is active, readdump.php can be called with a crafted form; using the fact that the sqllocalfile variable is not sanitized can lead to a file disclosure. Enabling PHP safe mode on the server can b...

FreeBSD : phpmyadmin -- increased privilege vulnerability (6192ae3d-9595-11d9-a9e0-0001020eed82)

The phpMyAdmin team reports : Escaping of the '' character was not properly done, giving a wildcard privilege when editing db-specific privileges with phpMyAdmin. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...

FreeBSD : phpmyadmin -- command execution vulnerability (0ff0e9a6-4ee0-11d9-a9e7-0001020eed82)

A phpMyAdmin security announcement reports : Command execution: since phpMyAdmin 2.6.0-pl2, on a system where external MIME-based transformations are activated, an attacker can put into MySQL data an offensive value that starts a shell command when browsed. Enabling PHP safe mode on the server ca...

FreeBSD : phpmyadmin -- arbitrary file include and XSS vulnerabilities (882ef43b-901f-11d9-a22c-0001020eed82)

A phpMyAdmin security announcement reports : We received two bug reports by Maksymilian Arciemowicz about those vulnerabilities and we wish to thank him for his work. The vulnerabilities apply to those points : - css/phpmyadmin.css.php was vulnerable against $cfg and GLOBALS variable injections...

FreeBSD : phpMyAdmin (1691)

The following package needs to be updated: phpMyAdmin %NASLMINLEVEL 70300 C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-2006 Jacques Vidrine and contributors Redistribution and use in source VuXML and 'compiled' forms SGML, HTML, PDF,...

phpMyAdmin 2.x - server_databases.php Cross-Site Scripting

phpMyAdmin 2.x - serverdatabases.php Cross-Site Scripting source: https://www.securityfocus.com/bid/15196/info phpMyAdmin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...

phpMyAdmin 2.x - queryframe.php Cross-Site Scripting

phpMyAdmin 2.x - queryframe.php Cross-Site Scripting source: https://www.securityfocus.com/bid/15196/info phpMyAdmin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage...

CVE-2005-1392

The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script...

CVE-2005-1392

The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script...

CVE-2005-0992

Cross-site scripting XSS vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter...

CVE-2005-1392

CVE-2005-1392 : In phpMyAdmin 2.6.2, the SQL install script is created with world-readable permissions, enabling a local attacker to read the initial pma password from the script. Affected software: phpMyAdmin 2.6.2 (initial password stored for the pma user). Impact: local confidentiality breach ...