 phpMyAdmin "theme" and "db" Cross-Site Scripting Vulnerabilities
Category: Vulnerability
Posted: 2006-05-15 by DiMan
Description:
Two vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

1) Input passed to the "theme" parameter isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability has been reported in versions prior to 2.8.0.4 for the 2.8.0 branch.

2) Input passed to the "db" parameter isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability has been reported in some versions prior to 2.8.0.4.

Solution:
Update to version 2.8.0.4.
http://www.phpmyadmin.net/home_page/downloads.php

Provided and/or discovered by:
1) Reported by the vendor.
2) The vendor credits Sven Vetsch/Disenchant.

Original Advisory:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-2
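
A log-triage check for the two parameters described above, added here as an example (it is not code from phpMyAdmin or from the advisory). It flags requests whose "theme" or "db" value decodes to HTML markup characters; the combined access-log format, the /pma/example.php path and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

WATCHED = {"theme", "db"}          # the two parameters named in the advisory
MARKUP = re.compile(r"[<>\"']")    # characters that can break out into HTML/script
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IPs, hypothetical path), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/May/2006:10:00:01 +0000] '
    '"GET /pma/example.php?db=inventory&theme=original HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/May/2006:10:02:13 +0000] '
    '"GET /pma/example.php?theme=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5342',
    '198.51.100.7 - - [15/May/2006:10:02:40 +0000] '
    '"GET /pma/example.php?db=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5290',
]

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for watched params that carry markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    hits = []
    query = urlsplit(match.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again so double-encoded input is seen too.
        decoded = unquote(value)
        if name in WATCHED and MARKUP.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return [(line_number, param, decoded_value)] across an iterable of log lines."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for name, decoded in suspicious_params(line):
            findings.append((number, name, decoded))
    return findings

if __name__ == "__main__":
    for number, name, decoded in scan(SAMPLE_LOG):
        print(f"line {number}: {name}={decoded!r}")
```

A finding shows that markup was sent in the parameter, not that a script ran in anyone's browser. Values sent in POST bodies do not appear in access logs and are not covered by this check.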