NotCVE - vendor:"Phpmyadmin" product:"Phpmyadmin" version:"

Page 15 of 268 results (0.010 seconds)

CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0

CVE-2013-5001 – Gentoo Linux Security Advisory 201311-02

https://notcve.org/view.php?id=CVE-2013-5001

30 Jul 2013 — Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link. Vulnerabilidad XSS enlibraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php en phpMyAdmin 4.0.x anterior a 4.0.4.2, permite a usuarios autenticados remotamente inyectar s... • http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0

CVE-2013-5003 – Debian Security Advisory 2975-1

https://notcve.org/view.php?id=CVE-2013-5003

30 Jul 2013 — Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php. Múltiples vulnerabilidades de inyección SQL en phpMyAdmin 3.5.x anterior a 3.5.8.2 y 4.0.x anterior a 4.0.4.2, permite a usuarios autenticados remotamente ejecutar comandos SQL arbitrarios a través de (1)el parámetro "scale" a pmd_pdf.php o (2)... • http://secunia.com/advisories/59832 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0

CVE-2013-4997 – Gentoo Linux Security Advisory 201311-02

https://notcve.org/view.php?id=CVE-2013-4997

30 Jul 2013 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value. Múltiples vulnerabilidades de XSS en phpMyAdmin 3.5.x anterior a 3.5.8.2, permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a través de vectores que involucran un evento JavaScript en (1) un identi... • http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0

CVE-2013-4998 – Mandriva Linux Security Advisory 2013-203

https://notcve.org/view.php?id=CVE-2013-4998

30 Jul 2013 — phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files. phpMyAdmin 3.5.x anterior a 3.5.8.2 y 4.0.x anterior a 4.0.4.2, permite a atacantes remotos obtener información sensible a través de una petición inválida, que revela la ruta de instalación en un mensaje de error. Relacionado con pmd_common.php y otros archivos. Multiple vul... • http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2013-4999 – Gentoo Linux Security Advisory 201311-02

https://notcve.org/view.php?id=CVE-2013-4999

30 Jul 2013 — phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php. phpMyAdmin 4.0.x anterior a 4.0.4.2, permite a atacantes remotos obtener información sensible a través de una petición inválida, que revela la ruta de instalación en un mensaje de error. Relacionado con Error.class.php y Error_Handler.class.php. Multiple vulnerabilities have been found ... • http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0

CVE-2013-5002 – Debian Security Advisory 2975-1

https://notcve.org/view.php?id=CVE-2013-5002

30 Jul 2013 — Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php. Vulnerabilidad XSS en libraries/schema/Export_Relation_Schema.class.php en phpMyAdmin 3.5.x anterior a 3.5.8.2 y 4.0.x anterior a 4.0.4.2, permite a usuarios autenticados remotamente inyectar secuencias web o HTML arbitrarias a trav... • http://secunia.com/advisories/59832 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0

CVE-2013-3742

https://notcve.org/view.php?id=CVE-2013-3742

04 Jul 2013 — Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message. Vulnerabilidad de ejecuciónd de secuencias de comandos en sitios cruzados (XSS) en view_create.php (también conocido como la página Create View) en phpMyAdmin v4.x antes de v4.0.3 permite a usuarios remotos autenticados inyectar... • http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1

CVE-2013-4729

https://notcve.org/view.php?id=CVE-2013-4729

04 Jul 2013 — import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request. import.php en phpMyAdmin v4.x anterior a v4.0.4.1 no restringe correctamente la capacidad de la entrada de datos a un formato de fichero específico, lo que permite a usuarios remotamente autenticados modificar el array global GLOBALS, y conse... • http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.8EPSS: 59%CPEs: 13EXPL: 3

CVE-2013-3238 – phpMyAdmin - 'preg_replace' (Authenticated) Remote Code Execution

https://notcve.org/view.php?id=CVE-2013-3238

26 Apr 2013 — phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature. phpMyAdmin v3.5.x antes de v3.5.8 y v4.x antes de v4.0.0-RC3 permite a usuarios remotos autenticados ejecutar código arbitrario a través de una secuencia /e\x00, que no se utilizan con cuidado antes de hacer una llamada a la función preg_replace en el "Repla... • https://www.exploit-db.com/exploits/25136 •

CVSS: 9.8EPSS: 16%CPEs: 13EXPL: 2

CVE-2013-3239 – phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2013-3239

26 Apr 2013 — phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename. phpMyAdmin v3.5.x antes de v3.5.8 y v4.x antes de v4.0.0-RC3, cuando se configura un directorio SaveDir, permite a los usuarios remotos autenticados ejecutar código ... • https://www.exploit-db.com/exploits/25003 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

1...13 14 15 16 17