CVSS: 5.4EPSS: 0%CPEs: 22EXPL: 0CVE-2013-4995 – Debian Security Advisory 2975-1
https://notcve.org/view.php?id=CVE-2013-4995
30 Jul 2013 — Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information. Vulnerabilidad XSS en phpMyAdmin 3.5.x anterior a 3.5.8.2 y 4.0.x anterior a 4.0.4.2, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML arbitrarias a través de una petición SQL que no está manejada adecuadamen... • http://secunia.com/advisories/59832 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0CVE-2013-4996 – Debian Security Advisory 2975-1
https://notcve.org/view.php?id=CVE-2013-4996
30 Jul 2013 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a crafted entry in a certain proxy list, or (5) crafted content in a version.json file. Múltiples vulnerabilidades de XSS en phpMyAdmin 3.5.x anterior a 3.5.8.2 y 4.0.x anterior a 4.0.4.2, permite a atacantes r... • http://secunia.com/advisories/59832 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 14EXPL: 0CVE-2013-5000 – Mandriva Linux Security Advisory 2013-203
https://notcve.org/view.php?id=CVE-2013-5000
30 Jul 2013 — phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files. phpMyAdmin 3.5.x anterior a 3.5.8.2, permite a a atacantes remotos obtener información sensible a través de una petición inválida, que muestra la ruta de instalación en un mensaje de error. Relacionado con config.default.php y otros archivos. Multiple vulnerabilities have been found in phpMyAdmi... • http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2013-5001 – Gentoo Linux Security Advisory 201311-02
https://notcve.org/view.php?id=CVE-2013-5001
30 Jul 2013 — Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link. Vulnerabilidad XSS enlibraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php en phpMyAdmin 4.0.x anterior a 4.0.4.2, permite a usuarios autenticados remotamente inyectar s... • http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2013-5003 – Debian Security Advisory 2975-1
https://notcve.org/view.php?id=CVE-2013-5003
30 Jul 2013 — Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php. Múltiples vulnerabilidades de inyección SQL en phpMyAdmin 3.5.x anterior a 3.5.8.2 y 4.0.x anterior a 4.0.4.2, permite a usuarios autenticados remotamente ejecutar comandos SQL arbitrarios a través de (1)el parámetro "scale" a pmd_pdf.php o (2)... • http://secunia.com/advisories/59832 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2013-4999 – Gentoo Linux Security Advisory 201311-02
https://notcve.org/view.php?id=CVE-2013-4999
30 Jul 2013 — phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php. phpMyAdmin 4.0.x anterior a 4.0.4.2, permite a atacantes remotos obtener información sensible a través de una petición inválida, que revela la ruta de instalación en un mensaje de error. Relacionado con Error.class.php y Error_Handler.class.php. Multiple vulnerabilities have been found ... • http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2013-3742
https://notcve.org/view.php?id=CVE-2013-3742
04 Jul 2013 — Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message. Vulnerabilidad de ejecuciónd de secuencias de comandos en sitios cruzados (XSS) en view_create.php (también conocido como la página Create View) en phpMyAdmin v4.x antes de v4.0.3 permite a usuarios remotos autenticados inyectar... • http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2013-4729
https://notcve.org/view.php?id=CVE-2013-4729
04 Jul 2013 — import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request. import.php en phpMyAdmin v4.x anterior a v4.0.4.1 no restringe correctamente la capacidad de la entrada de datos a un formato de fichero específico, lo que permite a usuarios remotamente autenticados modificar el array global GLOBALS, y conse... • http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 4%CPEs: 1EXPL: 1CVE-2013-3241 – phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-3241
26 Apr 2013 — export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request. export.php (también conocido como script de exportación) en phpMyAdmin v4.x antes de v4.0.0-RC3 sobrescribe las variables globales sobre la base del contenido de la matriz superglobal POST, lo que permite a usuarios remotos autenticados inyectar valores a través de una soli... • https://www.exploit-db.com/exploits/25003 •
CVSS: 9.8EPSS: 57%CPEs: 13EXPL: 3CVE-2013-3238 – phpMyAdmin - 'preg_replace' (Authenticated) Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-3238
26 Apr 2013 — phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature. phpMyAdmin v3.5.x antes de v3.5.8 y v4.x antes de v4.0.0-RC3 permite a usuarios remotos autenticados ejecutar código arbitrario a través de una secuencia /e\x00, que no se utilizan con cuidado antes de hacer una llamada a la función preg_replace en el "Repla... • https://www.exploit-db.com/exploits/25136 •