Searching phpmyadmin software vulnerabilities

Directory traversal vulnerability in phpMyAdmin

vulnerability | phpMyAdmin | Directory | traversal |

Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.


phpMyAdmin 2.2.0rc3 and earlier allows remote a

arbirtrary | phpMyAdmin | attackers | inserting | commands | earlier | execute | 220rc3 | remote | allows | into | them |

phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbirtrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.


phpMyAdmin 2.6.0-pl2, and other versions before

phpMyAdmin | versions | 260-pl2 | before | other |

phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.


phpMyAdmin before 2.6.1, when configured with U

phpMyAdmin | before |

phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.


phpMyAdmin 2.5.1 up to 2.5.7 allows remote atta

phpMyAdmin |

phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.


phpMyAdmin 2.6.1 does not properly grant permis

phpMyAdmin |

phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended.


Cross-site scripting (XSS) vulnerability in ind

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.


The SQL install script in phpMyAdmin 2.6.2 is c

phpMyAdmin | install | script | SQL |

The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.


CRLF injection vulnerability in phpMyAdmin befo

vulnerability | unspecified | phpMyAdmin | attackers | splitting | injection | response | scripts | attacks | conduct | 264-pl4 | allows | before | remote | CRLF | HTTP | via |

CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.


phpMyAdmin 2.7.0-beta1 and earlier allows remot

phpMyAdmin | directory | attackers | 270-beta1 | libraries | multiple | requests | scripts | earlier | direct | remote | allows | server | obtain | full | path | via |

phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory.


Cross-site scripting (XSS) vulnerability in php

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.


Cross-site scripting (XSS) vulnerability in sql

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.


SQL injection vulnerability in sql.php in phpMy

vulnerability | phpMyAdmin | attackers | arbitrary | parameter | injection | sql_query | commands | execute | 270-pl1 | sqlphp | allows | remote | SQL | via |

SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter.


Cross-site scripting (XSS) vulnerability in php

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.


PhpMyAdmin 2.7.0-pl2 allows remote attackers to

libraries/commonlibphp | information | PhpMyAdmin | sensitive | attackers | message | reveals | request | 270-pl2 | remote | allows | direct | obtain | error | which | path | via |

PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message.


phpMyAdmin before 2.9.1.1 allows remote attacke

phpMyAdmin | before |

phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.


phpMyAdmin 2.9.1.1 allows remote attackers to o

phpMyAdmin |

phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.


Multiple unspecified vulnerabilities in phpMyAd

vulnerabilities | unspecified | phpMyAdmin | Multiple | unknown | vectors | 292-rc1 | attack | before | impact | have |

Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.


Cross-site scripting (XSS) vulnerability in mys

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.


Software vulnerabilities results 1 to 20 of 54     
Page: 123