7825 matches found
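phpMyAdmin 3.x setup script remote cross-site scripting vulnerability
CVE ID: CVE-2010-3263 phpMyAdmin is a tool written in PHP for administering MySQL over the web. The phpMyAdmin setup script does not properly filter parameters submitted to the setup/frames/index.inc.php page; a remote attacker can inject and execute arbitrary web script or HTML via a malicious server name. phpMyAdmin 3.x Vendor patch: phpMyAdmin ---------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...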
DEBIAN-CVE-2010-3263
Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name...
CVE-2010-3263
Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name...
Cross site scripting
Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name...
XSS attack on setup script.
PMASA-2010-7 Announcement-ID: PMASA-2010-7 Date: 2010-09-08 Summary XSS attack on setup script. Description It was possible to conduct a XSS attack using spoofed request to setup script. Severity We consider this vulnerability to be non critical. Affected Versions For 3.x: versions before 3.3.7 a...
Device Information (devinfo.xml)
It was possible to download the file 'devinfo.xml' from the remote web server. This file is intended to be read by a setup utility. It contains a description of the device, installation instructions and sometimes credentials for an Internet subscription. C Tenable Network Security, Inc...
phpMyAdmin setup.php Arbitrary PHP Code Execution (PMASA-2010-4)
The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input before using it to generate a config file for the application. Submitting a specially crafted POST request can result in arbitrary PHP code injection. A remote...
CVE-2010-3055
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request...
DEBIAN-CVE-2010-3055
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request...
CVE-2010-3056
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) dbsearch.php, (2) dbsql.php, (3) dbstructure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6)...
CVE-2010-2241
The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts...
Design/Logic Flaw
The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts...
CVE-2010-2241
CVE-2010-2241 affects Red Hat Directory Server up to version 8.1.x (before 8.2). The vulnerable component comprises the setup-ds.pl and setup-ds-admin.pl setup scripts, which create cache files with world-readable permissions. This underprivileged exposure allows a local user to obtain sensitive ...
[DCA-0006] Baby ASP Web Server DoS
DCA-0006 Software - Baby ASP Server Vendor Product Description - This program was built as an alternative for Microsoft's IIS. The main goal was to design a simple web server with support for ASP. Setting up Baby ASP Web Server is very easy: copy the executable to a directory of your choice, set...