153 matches found
CVE-2009-4605
scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors...
CVE-2009-4605
CVE-2009-4605 concerns phpMyAdmin 2.11.x up to 2.11.9/2.11.10 setup.php where untrusted data is fed into unserialize, enabling CSRF and, in some reports, remote code execution in the web-server context. The vulnerability affects the setup script that processes (1) configuration and (2) v[0] param...
Alex Guestbook - Multiple Vulnerabilities
Jevonweb Guestbook Administrative Access
Vendor: http://www.jevonweb.f2s.com/ Version: 1.0 Tested on: Windows and Linux. Jevonweb Guestbook Remote Admin Access Exploit. Author: Sora. Google Dork: "Jevonweb Guestbook" "http://www.jevonweb.f2s.com/"...
Jevonweb Guestbook - Remote Admin Access
Vendor: http://www.jevonweb.f2s.com/ Version: 1.0 Tested on: Windows and Linux. Jevonweb Guestbook Remote Admin Access Exploit. Author: Sora. Google Dork: "Jevonweb Guestbook"...
Jevonweb Guestbook - Remote Admin Access
Vendor: http://www.jevonweb.f2s.com/ Version: 1.0 Tested on: Windows and Linux. Jevonweb Guestbook Remote Admin Access Exploit. Author: Sora. Google Dork: "Jevonweb Guestbook" "http://www.jevonweb.f2s.com/"...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are...
Cross site scripting
Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 allows remote attackers to inject arbitrary web script or HTML via the language_setup parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-7141
CVE-2008-7141 is an XSS vulnerability in the setup.php file of @lex Poll 2.1, exploitable through the language_setup parameter to inject arbitrary web script or HTML. The connected documents confirm the vulnerability but do not provide exploit details, specific affected versions beyond @lex Poll ...
CVE-2008-7140
Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are...
phpMyAdmin ‘/scripts/setup.php’ code injection vulnerability-vulnerability warning-the black bar safety net
This vulnerability code was tested in the following environments: phpMyAdmin versions 2.11.4, 2.11.9.3, 2.11.9.4, 3.0.0 and 3.0.1.1; Linux kernel 2.6.24-24-generic i686 GNU/Linux (Ubuntu 8.04.2). Attack environment requirements: phpMyAdmin version earlier than 2.11.9.5 (2.11.x)...
Arab Portal 2.2 Local File Inclusion
By Qabandi. From Kuwait, PEACE... iqaahotmail.fr ...
phpMyAdmin (/scripts/setup.php) PHP injected code-vulnerability warning-the black bar safety net
This vulnerability code was tested in the following environments: phpMyAdmin versions 2.11.4, 2.11.9.3, 2.11.9.4, 3.0.0 and 3.0.1.1; Linux kernel 2.6.24-24-generic i686 GNU/Linux (Ubuntu 8.04.2). Attack environment requirements: phpMyAdmin version earlier than 2.11.9.5 (2.11.x) and...
phpMyAdmin (/scripts/setup.php) PHP injected code-vulnerability warning-the black bar safety net
This vulnerability code was tested in the following environments: phpMyAdmin versions 2.11.4, 2.11.9.3, 2.11.9.4, 3.0.0 and 3.0.1.1; Linux kernel 2.6.24-24-generic i686 GNU/Linux (Ubuntu 8.04.2). Attack environment requirements: phpMyAdmin version earlier than 2.11.9.5 (2.11.x)...
Debian DSA-1824-1 : phpmyadmin - several vulnerabilities
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2009-1150: Cross-site scripting vulnerability in the export page allows for an attacker that can pla...
phpMyAdmin - '/scripts/setup.php' PHP Code Injection
#!/bin/bash CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11, by pagvac (gnucitizen.org), 4th June 2009. Special thanks to Greg Ose (labs.neohapsis.com) for discovering such a cool vuln, and to str0ke (milw0rm.com) for testing this PoC script and providing feedback! PoC...
phpMyAdmin - '/scripts/setup.php' PHP Code Injection
#!/bin/bash CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11, by pagvac (gnucitizen.org), 4th June 2009. Special thanks to Greg Ose (labs.neohapsis.com) for discovering such a cool vuln, and to str0ke (milw0rm.com) for testin...
phpMyAdmin setup.php save Action Arbitrary PHP Code Injection (PMASA-2009-3)
The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input to several variables before using them to generate a config file for the application. Using specially crafted POST requests, an unauthenticated, remote attacker may...
CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...