4626 matches found
CVE-2005-0544
phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) selecttheme.lib.php, (4) select_lang.lib.php, (5) relationcleanup.lib.php, (6) headermetastyle.inc.php, (7) getforeign.lib.php, (8) display_tbl_links.lib.php, (9)...
phpMyAdmin 2.6 - 'display_tbl_links.lib.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may...
phpMyAdmin 2.6 - 'theme_left.css.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may...
phpmyadmin -- information disclosure vulnerability
A phpMyAdmin security announcement reports: By calling some scripts that are part of phpMyAdmin in an unexpected way (especially scripts in the libraries subdirectory), it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin...
CVE-2005-0459
CVE-2005-0459 affects phpMyAdmin 2.6.2-dev (and possibly earlier) and allows remote attackers to discover the full web-root path by requesting select_lang.lib.php, causing a PHP error message that reveals the path. The vulnerability is due to error output disclosing the filesystem path; no exploi...
CVE-2005-0459
phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message...
CVE-2004-1147
phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters...
CVE-2004-1148
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter...
DEBIAN-CVE-2004-1148
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter...
CVE-2004-2632
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables...
CVE-2004-1147
Affected software: phpMyAdmin 2.6.0-pl2 and earlier versions before 2.6.1. Vulnerable condition: external MIME-based transformations enabled. Root cause: input containing shell metacharacters leads to remote command execution. Impact: allows remote attackers to execute arbitrary commands on the s...
CVE-2004-1148
CVE-2004-1148 affects phpMyAdmin releases prior to 2.6.1 when UploadDir is enabled. The underlying issue lets an attacker read arbitrary files via the sql_localfile parameter, constituting a file-disclosure vulnerability with partial confidentiality impact (CVSS base 5.0). Public references indic...
Multiple vulnerabilities in phpMyAdmin
Exaprobe www.exaprobe.com Security Advisory Advisory Name: Multiple vulnerabilities in phpMyAdmin Release Date: 13 December 2004 Application: phpMyAdmin prior to 2.6.1-rc1 Platform: Any webserver running PHP Severity: Remote code execution Author: Nicolas Gregoire Vendor...
CVE-2004-1055
CVE-2004-1055 covers multiple XSS vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier. The flaws allow remote attackers to inject arbitrary script/html via (1) PmaAbsoluteUri, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal php...
CVE-2004-1055
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal...
Multiple XSS vulnerabilities were found in phpMyAdmin that may allow an attacker to conduct cross-site scripting (XSS) attacks.
PMASA-2004-3 Announcement-ID: PMASA-2004-3 Date: 2004-11-18 Summary Multiple XSS vulnerabilities were found in phpMyAdmin that may allow an attacker to conduct cross-site scripting (XSS) attacks. Description We received a security advisory from Cedric Cochin netvigilance.com about those...
CVE-2004-0129
CVE-2004-0129: Directory traversal in phpMyAdmin export.php affects 2.5.5 and earlier; attackers can read arbitrary files via .. in the what parameter. Root cause: insufficient validation of the file path. Impact: potential exposure of server files; CVSS v2 base 5.0 per records. Patch/remediation...
DEBIAN-CVE-2004-0129
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter...