CVSS: 8.8EPSS: 0%CPEs: 57EXPL: 0CVE-2015-2206 – Debian Security Advisory 3382-1
https://notcve.org/view.php?id=CVE-2015-2206
09 Mar 2015 — libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. libraries/select_lang.lib.php en phpMyAdmin 4.0.x anterior a 4.0.10.9, 4.2.x anterior a 4.2.13.2, y 4.3.x anterior a 4.3.11.1 incluye... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151331.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2011-3591
https://notcve.org/view.php?id=CVE-2011-3591
26 Dec 2014 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js. Múltiples vulnerabilidades XSS en phpMyAdmin 3.4.x anterior a 3.4.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML através de una fila mod... • http://www.openwall.com/lists/oss-security/2011/09/30/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2011-3592
https://notcve.org/view.php?id=CVE-2011-3592
26 Dec 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation. Múltiples vulnerabilidades XSS en la función PMA_unInlineEditRow en js/sql.js en phpMyAdmin 3.4.x anterior a 3.4.5 permite a usuarios remotos autenticados inyectar secuencias de coma... • http://www.openwall.com/lists/oss-security/2011/09/30/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 20%CPEs: 53EXPL: 4CVE-2014-9218 – phpMyAdmin 4.0.x/4.1.x/4.2.x - Denial of Service
https://notcve.org/view.php?id=CVE-2014-9218
08 Dec 2014 — libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password. libraries/common.inc.php en phpMyAdmin 4.0.x anterior a 4.0.10.7, 4.1.x anterior a 4.1.14.8, y 4.2.x anterior a 4.2.13.1 permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de una contraseña larga. Multiple vulnerabilities has been discovered and corrected in lib... • https://www.exploit-db.com/exploits/35539 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 1CVE-2014-9219 – Mandriva Linux Security Advisory 2014-243
https://notcve.org/view.php?id=CVE-2014-9219
08 Dec 2014 — Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. Vulnerabilidad de XSS en la caracteristica de redirección en url.php en phpMyAdmin 4.2.x anterior a 4.2.13.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro url. Multiple vulnerabilities has been discovered and corrected in libraries/common.inc.php in p... • http://www.mandriva.com/security/advisories?name=MDVSA-2014:243 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 35EXPL: 1CVE-2014-8960 – Mandriva Linux Security Advisory 2014-228
https://notcve.org/view.php?id=CVE-2014-8960
26 Nov 2014 — Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. Vulnerabilidad de XSS en libraries/error_report.lib.php en la caracteristica de informe de errores en phpMyAdmin 4.1.x anterior a 4.1.14.7 y 4.2.x anterior a 4.2.12 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a... • http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 1%CPEs: 59EXPL: 1CVE-2014-8959 – Mandriva Linux Security Advisory 2014-228
https://notcve.org/view.php?id=CVE-2014-8959
26 Nov 2014 — Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter. Vulnerabilidad de salto de directorio en libraries/gis/GIS_Factory.class.php en el editor GIS en phpMyAdmin 4.0.x anterior a 4.0.10.6, 4.1.x anterior a 4.1.14.7, y 4.2.x anterior a 4.2.12 permite a usuarios remotos aute... • http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 53EXPL: 0CVE-2014-8958 – Mandriva Linux Security Advisory 2014-228
https://notcve.org/view.php?id=CVE-2014-8958
26 Nov 2014 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly ha... • http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0CVE-2014-8961 – Mandriva Linux Security Advisory 2014-228
https://notcve.org/view.php?id=CVE-2014-8961
26 Nov 2014 — Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter. Vulnerabilidad de salto de directorio en libraries/error_report.lib.php en la caracteristica de informe de errores en phpMyAdmin 4.1.x anterior a 4.1.14.7 y 4.2.x anterior a 4.2.12 permite a usuarios remotos autenticados obt... • http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 55EXPL: 2CVE-2014-8326 – Mandriva Linux Security Advisory 2014-208
https://notcve.org/view.php?id=CVE-2014-8326
24 Oct 2014 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.0.x anterior a 4.0.10.5, 4.1.x anterior a 4.1.14.6, ... • http://lists.opensuse.org/opensuse-updates/2014-11/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •