4626 matches found
CVE-2005-1392
The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script...
CVE-2005-0459
phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to selectlang.lib.php, which reveals the path in a PHP error message...
CVE-2005-0544
phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) selecttheme.lib.php, (4) selectlang.lib.php, (5) relationcleanup.lib.php, (6) headermetastyle.inc.php, (7) getforeign.lib.php, (8) displaytbllinks.lib.php, (9)...
CVE-2005-0567
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfgServerextension parameter to databaseinterface.lib.php to reference a URL on a remote web server that contai...
CVE-2005-0653
phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended...
CVE-2005-0992
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter...
DEBIAN-CVE-2005-0544
phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) selecttheme.lib.php, (4) selectlang.lib.php, (5) relationcleanup.lib.php, (6) headermetastyle.inc.php, (7) getforeign.lib.php, (8) displaytbllinks.lib.php, (9)...
GLSA-200504-30 : phpMyAdmin: Insecure SQL script installation
The remote host is affected by the vulnerability described in GLSA-200504-30 phpMyAdmin: Insecure SQL script installation The phpMyAdmin installation process leaves the SQL install script with insecure permissions. Impact : A local attacker could exploit this vulnerability to obtain the initial...
[Full-disclosure] [ GLSA 200504-30 ] phpMyAdmin: Insecure SQL script installation
Gentoo Linux Security Advisory GLSA 200504-30 http://security.gentoo.org/ Severity:...
phpMyAdmin: Insecure SQL script installation
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. phpMyAdmin uses a pma MySQL user to control the linked-tables infrastructure. The SQL install script sets the initial password for the pma user. Description The phpMyAdmin...
phpMyAdmin262XSS.txt
Title: phpMyAdmin Cross-site Scripting Vulnerability Application: phpMyAdmin Vendor: http://www.phpmyadmin.net Vulnerable Versions: References: http://www.arrelnet.com/advisories/adv20050403.html...
GLSA-200504-08 : phpMyAdmin: XSS vulnerability
The remote host is affected by the vulnerability described in GLSA-200504-08 phpMyAdmin: XSS vulnerability Oriol Torrent Santiago has discovered that phpMyAdmin fails to validate input to the 'convcharset' variable, rendering it vulnerable to cross-site scripting attacks. Impact : By sending a...
XAMPP - Insecure Default Password Disclosure
source: https://www.securityfocus.com/bid/13131/info An insecure default password disclosure vulnerability affects XAMPP. This issue is due to a failure of the application to properly secure access to default passwords. An attacker may leverage this issue to gain access to the default passwords f...
phpMyAdmin: Cross-site scripting vulnerability
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description Oriol Torrent Santiago has discovered that phpMyAdmin fails to validate input to the "convcharset" variable, rendering it vulnerable to cross-site scripting...