153 matches found
CVE-2009-1151
CVE-2009-1151 affects phpMyAdmin 2.11.x (before 2.11.9.5) and 3.x (before 3.1.3.1). The flaw is a static code injection in setup.php that lets a remote attacker inject arbitrary PHP code into the generated configuration file via the save action. The issue arises from insufficient validation/misco...
CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
Description: phpMyAdmin is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks...
PT-2009-1127 · Phpmyadmin · Phpmyadmin
Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 2.11.x through 2.11.9.4; phpMyAdmin versions 3.x through 3.1.3.0. Description: The issue is related to a static code injection vulnerability in the setup.php file of phpMyAdmin. This vulnerability allows remote attackers to...
GLSA-200812-20 : phpCollab: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200812-20 phpCollab: Multiple vulnerabilities Multiple vulnerabilities have been found in phpCollab: rgod reported that data sent to general/sendpassword.php via the loginForm parameter is not properly sanitized before being used ...
phpCollab: Multiple vulnerabilities
Background: phpCollab is a web-enabled groupware and project management software written in PHP. It uses SQL-based database backends. Description: Multiple vulnerabilities have been found in phpCollab: rgod reported that data sent to general/sendpassword.php via the loginForm parameter is not...
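phpMyAdmin setup.php File Cross-Site Scripting Vulnerability
BugCVE: CVE-2008-3456, CVE-2008-3457 BUGTRAQ: 30420 The showoverview $title, $list, $buttons = '' function in phpMyAdmin's scripts/setup.php does not properly filter the echo $val1 input parameter at line 685 before returning it to the user; if a user is tricked into following a malicious link, arbitrary HTML and script code can be executed in the user's browser session. phpMyAdmin 2.11.8 Debian ------ Debian has released a security advisory (DSA-1641-1) and corresponding patches for this: DSA-1641-1:New phpmyadmin...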
CVE-2008-3457
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify...
CVE-2008-3457
CVE-2008-3457 is a user-assisted XSS in phpMyAdmin’s setup.php, exploitable only in rare scenarios where an attacker can modify config/config.inc.php. Multiple disclosures (Debian DSA-1641-1, OSV, openVAS entries) confirm the vulnerability in phpMyAdmin prior to 2.11.8. Remediation per sources is...
MyBlog 0.9.8 - Multiple Remote Information Disclosure Vulnerabilities
source: https://www.securityfocus.com/bid/30310/info MyBlog is prone to multiple information-disclosure vulnerabilities because the application fails to properly restrict access to sensitive files. An unprivileged attacker may exploit these issues to obtain sensitive information. MyBlog 0.9.8 is...
sinecms-lfiexec.txt
Sine CMS Local File Inclusion / RCE | Registerglobals: ON | Version: PoC: Usually, this is correct code, with no possible exploitation. But if registerglobals is ON, we...
SineCMS 2.3.5 - Local File Inclusion Remote Code Execution
SineCMS 2.3.5 - Local File Inclusion Remote Code Execution | Sine CMS Local File Inclusion / RCE | Registerglobals: ON | Version: = 2.3.5 | Vendor: www.sinecms.net | Discovered by: KiNgOfThEwOrLd | Intro: Sine cms is affected by a...
SineCMS 2.3.5 - Local File Inclusion / Remote Code Execution
Sine CMS Local File Inclusion / RCE | Registerglobals: ON | Version: = 2.3.5 | Vendor: www.sinecms.net | Discovered by: KiNgOfThEwOrLd | Intro: Sine cms is affected by a local file inclusion vulnerability with registerglobals on...
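phpMyAdmin setup.php Cross-Site Scripting Vulnerability
BUGTRAQ ID: 26020 phpMyAdmin is a tool written in PHP for administering MySQL over the web. phpMyAdmin's setup.php does not properly validate certain user-supplied parameters, allowing remote attackers to carry out cross-site scripting attacks by submitting malicious URI requests. phpMyAdmin phpMyAdmin 2.11.1 The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...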
about phpMyAdmin setup.php XSS vulnerability
Hi, phpMyAdmin version 2.11.1.1 was released to fix this, along with a security announcement: http://www.phpmyadmin.net/homepage/security.php?issue=PMASA-2007-5 which contains a mitigating factor: "We could only trigger it when using Internet Explorer with the 'send URLs as UTF8' setting disabled...
CVE-2007-5386
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...