Page 13 of 86 results (0.010 seconds)

CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0

SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450 ** DISPUTADA ** Vulnerabilidad de inyección de SQL en server_privileges.php en phpMyAdmin 2.7.0 permite a atacantes remotos ejecutar órdenes SQL de su elección mediante los parámetros (1)dbname y (2) checkprivs. NOTA: el fabricante y una tercera parte disputan esta cuestión, diciendo que la tarea principal del programa es soportar la ejecución de consultas por usuarios autenticados, y no existe ningún escenario de ataque externo sin una configuración con inicio automático de sesión. Por lo tanto, es probable que esta cuestión sea rechazada. • http://marc.info/?l=bugtraq&m=113486637512821&w=2 http://secunia.com/advisories/18113 http://securityreason.com/securityalert/270 http://www.securityfocus.com/archive/1/419829/100/0/threaded http://www.securityfocus.com/archive/1/419832/100/0/threaded http://www.vupen.com/english/advisories/2005/2995 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 1%CPEs: 49EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. • http://secunia.com/advisories/17895 http://secunia.com/advisories/17957 http://secunia.com/advisories/18618 http://secunia.com/advisories/22781 http://www.debian.org/security/2006/dsa-1207 http://www.gentoo.org/security/en/glsa/glsa-200512-03.xml http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-8 http://www.securityfocus.com/archive/1/423142/100/0/threaded http://www.securityfocus.com/bid/15735 http://www.vupen.com/english/advisories/2005/2772 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables. • http://secunia.com/advisories/17925 http://secunia.com/advisories/17957 http://secunia.com/advisories/18618 http://securityreason.com/securityalert/237 http://www.gentoo.org/security/en/glsa/glsa-200512-03.xml http://www.hardened-php.net/advisory_252005.110.html http://www.osvdb.org/21508 http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-9 http://www.securityfocus.com/archive/1/418834/100/0/t •

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog. • http://secunia.com/advisories/17578 http://secunia.com/advisories/18618 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-7 http://www.securityfocus.com/archive/1/423142/100/0/threaded http://www.securityfocus.com/bid/16389 •

CVSS: 5.0EPSS: 1%CPEs: 13EXPL: 0

CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts. Vulnerabilidad de inyección de CRLF en phpMyAdmin anteriores a 2.6.4-pl4 permite a atacantes remotos conducir ataques de separación de respuesta HTTP mediante scripts no especificados. • http://secunia.com/advisories/17578 http://secunia.com/advisories/22781 http://securitytracker.com/id?1015213 http://www.debian.org/security/2006/dsa-1207 http://www.novell.com/linux/security/advisories/2005_28_sr.html http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 •