CVE-2005-0992

Summary: CVE-2005-0992 is an XSS in phpMyAdmin’s index.php via the convcharset parameter. The NVD entry lists a base score of 4.3 (MEDIUM) with network access, no confidentiality impact, but partial integrity impact and no availability impact. Connected OpenVAS entries tie the vulnerability to ph...

CVE-2005-0992

Cross-site scripting XSS vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter...

phpMyAdmin index.php convcharset Parameter XSS

The installed version of phpMyAdmin suffers from a cross-site scripting vulnerability due to its failure to sanitize user input to the 'convcharset' parameter of the 'index.php' script. A remote attacker may use these vulnerabilities to cause arbitrary code to be executed in a user's browser to...

[SA14799] phpMyAdmin "convcharset" Cross-Site Scripting Vulnerability

---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: phpMyAdmin "convcharset" Cross-Site Scripting...

phpMyAdmin < 2.6.2-RC1 RCE

Binary data 2787.prm...

phpmyadmin -- cross site scripting vulnerability

A phpMyAdmin security announcement reports: The convcharset parameter was not correctly validated, opening the door to a XSS attack...

phpMyAdmin 2.x - Convcharset Cross-Site Scripting

source: https://www.securityfocus.com/bid/12982/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the 'convcharset' parameter. phpMyAdmin versions prior to 2.6.2-rc1 are affected by this issue...

phpMyAdmin 2.x - Convcharset Cross-Site Scripting

phpMyAdmin 2.x - Convcharset Cross-Site Scripting source: https://www.securityfocus.com/bid/12982/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the 'convcharset' parameter. phpMyAdmin versions prior to 2.6.2-rc1 are...

Cross-Site Scripting vulnerability

PMASA-2005-3 Announcement-ID: PMASA-2005-3 Date: 2005-04-03 Summary Cross-Site Scripting vulnerability Description We received a security advisory from Oriol Torrent Santiago and we wish to thank him for his work and report. The convcharset parameter was not correctly validated, opening the door ...

[SA14599] phpMyAdmin &quot;_&quot; Wildcard Permissions Security Bypass

---------------------------------------------------------------------- Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=l...

CVE-2005-0653

CVE-2005-0653 affects phpMyAdmin 2.6.1 and concerns improper permission handling on tables whose names contain an underscore. The vulnerability allows remote authenticated users to obtain more privileges than intended for those tables, with a CVSSv2 base score of 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)....

CVE-2005-0653

phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended...

DEBIAN-CVE-2004-1055

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the PmaAbsoluteUri parameter, 2 the zerorows parameter in readdump.php, 3 the confirm form, or 4 an error message generated by the internal...

CVE-2005-0567

CVE-2005-0567 affects phpMyAdmin 2.6.1 with multiple remote file inclusion vulnerabilities. An attacker can modify the theme parameter to phpmyadmin.css.php or the cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote server, enabling execution of arbitrary...

CVE-2005-0567

Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the 1 theme parameter to phpmyadmin.css.php or 2 cfgServerextension parameter to databaseinterface.lib.php to reference a URL on a remote web server that contai...

CVE-2005-0567

Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the 1 theme parameter to phpmyadmin.css.php or 2 cfgServerextension parameter to databaseinterface.lib.php to reference a URL on a remote web server that contai...

Path disclosure

PMASA-2005-2 Announcement-ID: PMASA-2005-2 Date: 2005-02-26 Summary Path disclosure Description By calling some scripts that are part of phpMyAdmin in an unexpected way especially scripts in the libraries subdirectory, it is possible to trigger phpMyAdmin to display a PHP error message which...

A variable injection vulnerability was found in phpMyAdmin, that may allow an attacker to conduct Cross-site scripting (XSS) attacks and / or perform remote file inclusion.

PMASA-2005-1 Announcement-ID: PMASA-2005-1 Date: 2005-02-25 Summary A variable injection vulnerability was found in phpMyAdmin, that may allow an attacker to conduct Cross-site scripting XSS attacks and / or perform remote file inclusion. Description We received two bug reports by Maksymilian...

CVE-2005-0543

CVE-2005-0543 = cross-site scripting in phpMyAdmin 2.6.1. Vulnerable via parameters in select_server.lib.php (strServer, cfg[BgcolorOne], strServerChoice), display_tbl_links.lib.php (bg_color, row_no), left_font_family/theme_left.css.php, and right_font_family/theme_right.css.php. Causes remote H...

CVE-2005-0544

CVE-2005-0544 concerns phpMyAdmin 2.6.1. The affected component is phpMyAdmin’s web interface, where direct requests to 15 internal library/ini files (e.g., sqlvalidator.lib.php, select_lang.lib.php, setup.php, cookie.auth.lib.php, etc.) can trigger error messages that leak the server’s full path...