40 matches found
Fedora 23 : php-udan11-sql-parser-3.0.4-1.fc23 / phpMyAdmin-4.5.1-1.fc23 (2015-287c164df5)
phpMyAdmin 4.5.1.0 2015-10-23 =============================== - Invalid argument supplied for foreach - arraykeyexists expects parameter 2 to be array - Notice Undefined index: dropdatabase - Server variable edition in ANSIQUOTES sqlmode: losing current value - Propose table structure broken -...
[ MDVSA-2014:194 ] phpmyadmin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:194 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : October 3, 2014 Affected: Business Server 1.0 Problem Description: A vulnerability has been discovered and corrected in phpmyadmin...
DEBIAN-CVE-2014-7217
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the 1 table search...
CVE-2014-7217
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the 1 table search...
UBUNTU-CVE-2014-7217
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the 1 table search...
CVE-2014-7217
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the 1 table search...
CVE-2014-7217
CVE-2014-7217 corresponds to multiple XSS vulnerabilities in phpMyAdmin: remote authenticated users could inject arbitrary web script via a crafted ENUM value during rendering of the table search or table structure pages. The issue affects phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, ...
phpMyAdmin -- XSS vulnerabilities
The phpMyAdmin development team reports: With a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from...
XSS vulnerabilities in table search and table structure pages.
PMASA-2014-11 Announcement-ID: PMASA-2014-11 Date: 2014-10-01 Summary XSS vulnerabilities in table search and table structure pages. Description With a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages. Severity We consider this vulnerability to be non...
shopex the latest version front an unexpected SQL injection vulnerability-vulnerability warning-the black bar safety net
shopex code The core of the place to do the encryption process, to find loopholes just need a little imagination, such as thisSQL injection... Exists in the user registrycan't think of the location? /core/shop/controller/ctl.passport.php 2 6 7 row if !$ info = $account-create$POST,$message ... 2...
shopex最新版前台一处想不到的SQL注入
简要描述: shopex代码核心的地方都做了加密处理,找漏洞就需要一点想象空间了,比如这个SQL注入... 详细说明: 存在于用户注册想不到的位置吧? 1. /core/shop/controller/ctl.passport.php 267行 if !$info = $account-create$POST,$message ... 2.看到1,想到有没有可能$account-create是foreach $POST构造sql语句的呐? 3.看数据表结构: 果断提交时$POST里加入memberid测试其实测试时我还试了mobile等,嘿,只捡有用的字段说,然后就有了下图: 漏洞证明:...
The establishment of the station star the latest 0DAY and fix-vulnerability warning-the black bar safety net
//the codepublic function saveprofile $userinfo =@ ParamHolder::get'user', array;//get array if sizeof$userinfo = 0 $this-assign'json', Toolkit::jsonERR'Missing user information!'; return 'result'; $passwdchanged = false; try $ouser = new UserSessionHolder::get'user/id'; if $userinfo'email' !=...
hiweb cms background more permissions bypass-vulnerability warning-the black bar safety net
HIWEB is an entire Station management system, many schools in use this to take the station. But this cms background the presence of many of the permissions to bypass the problem. 1. http://xxxx/hiwebcms/system/USER/ You can directly see all the background user information 2...
Fedora 16 : phpMyAdmin-3.5.0-1.fc16 (2012-5624)
Changes for 3.5.0.0 2012-04-07 : - interface Add support for mass prefix change. - display 'up to date' message on main page when current version is up to date - feature Update to jQuery 1.6.2 - search Show/hide db search results - patch Add gettext wrappers around a message - cleanup Remove...
How to use the database to crack the md5-vulnerability warning-the black bar safety net
Why password the number of bits short of MD5 unsafe? A length of 4 pure lowercase letters to generate passwords in the database with the help of Can in 0. 005s is cracked. This time also includes a connection to the database the time, the running environment is in my 900MHZ personal PC. Note that...
Hack how to Access to access MSSQL Data-vulnerability warning-the black bar safety net
First of all note that, this method have long had, but with time probably in my head quiet for too long, it has been in the oblivion state. Thanks for the Trace information. Often encounter arbitrary File Download vulnerability, the General processing method is to put the database connection file...
Gentoo Security Advisory GLSA 200708-10 (mysql)
The remote host is missing updates announced in advisory GLSA 200708-10. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
New release of MySQL fixes security bugs
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure...
New release of MySQL fixes security bugs
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure...
CVE-2007-3781
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure...