CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2007-0095
https://notcve.org/view.php?id=CVE-2007-0095
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message. phpMyAdmin 2.9.1.1 permite a atacantes remotos obtener información sensible a través de respuestas directas para themes/darkblue_orange/layout.inc.php, lo cual revela la ruta en un mensaje de error. • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0034.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051544.html http://osvdb.org/33257 http://securityreason.com/securityalert/2104 http://www.mandriva.com/security/advisories?name=MDKSA-2007:199 https://exchange.xforce.ibmcloud.com/vulnerabilities/31223 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6373
https://notcve.org/view.php?id=CVE-2006-6373
PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message. PhpMyAdmin 2.7.0-pl2 permite a atacantes remotos la obtención de información sensible a traves de una petición directa a la librería libraries/common.lib.php, que muestra la ruta en un mensaje de error. • http://securityreason.com/securityalert/1993 http://www.securityfocus.com/archive/1/453432/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/30737 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6374
https://notcve.org/view.php?id=CVE-2006-6374
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files. Múltiples vulnerabilidades de inyección de CRLF en PhpMyAdmin 2.7.0-pl2 permite a atacantes remotos inyectar cabeceras HTML de su elección y conducir ataques de divisionamiento de respuestas HTTP mediante secuencias CRLF en una cookie phpMyAdmin en (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, y posiblemente otros ficheros. • http://securityreason.com/securityalert/1993 http://www.securityfocus.com/archive/1/453432/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/30703 •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2006-5718
https://notcve.org/view.php?id=CVE-2006-5718
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. Vulnerabilidad de secuencias de comandos (XSS) en error.php en phpMyAdmin 2.6.4 hasta la 2.9.0.2 permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de codificaciones de caracteres UTF-7 or US-ASCII, lo cual son inyectados dentro de un mensaje de error, como se demostró por una respuesta con un el parámetro utf7 acompañado por datos UTF-7. • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html http://secunia.com/advisories/22599 http://secunia.com/advisories/23086 http://www.hardened-php.net/advisory_122006.137.html http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-6 http://www.securityfocus.com/archive/1/450397/100/0/threaded http://www.securityfocus.com/bid/20856 http://www.vupen.com/english/advisories/2006/4298 https://exchange.xforce.ibmcloud.com/vulnerabilities/29957 •
CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0CVE-2006-5117
https://notcve.org/view.php?id=CVE-2006-5117
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files. phpMyAdmin anterior a 2.9.1-rc1 tiene un directorio de librerias bajo la raíz de la documentación web con controles de acceso insuficientes, lo caul permiet a un atacante remoto obtener información sensible a través de repuesta directar para cierto archivos. • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.9.1-rc1.tar.gz?download http://secunia.com/advisories/22126 http://secunia.com/advisories/23086 http://www.securityfocus.com/bid/20253 •