Page 16 of 86 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 5

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php. • https://www.exploit-db.com/exploits/25153 https://www.exploit-db.com/exploits/25152 https://www.exploit-db.com/exploits/25154 https://www.exploit-db.com/exploits/25155 http://marc.info/?l=bugtraq&m=110929725801154&w=2 http://secunia.com/advisories/14382 http://sourceforge.net/tracker/index.php?func=detail&aid=1149383&group_id=23067&atid=377408 http://www.gentoo.org/security/en/glsa/glsa-200503-07.xml http://www.securityfocus.com/bid/12644 https://exchange.xforce.ib • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 36EXPL: 1

phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message. • http://securitytracker.com/id?1013210 •

CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0

The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. • http://marc.info/?l=bugtraq&m=109816584519779&w=2 http://marc.info/?l=full-disclosure&m=109810251501643&w=2 http://secunia.com/advisories/12813 http://secunia.com/advisories/12859 http://securitytracker.com/alerts/2004/Oct/1011761.html http://www.gentoo.org/security/en/glsa/glsa-200410-14.xml http://www.osvdb.org/10715 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-2 http://www.securityfocus.com/bid/11391 https://exchange.xforce.ibmcloud.com/vul •

CVSS: 7.5EPSS: 5%CPEs: 12EXPL: 6

Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. • https://www.exploit-db.com/exploits/309 http://archives.neohapsis.com/archives/bugtraq/2004-06/0444.html http://archives.neohapsis.com/archives/bugtraq/2004-06/0473.html http://eagle.kecapi.com/sec/fd/phpMyAdmin.html http://marc.info/?l=bugtraq&m=109816584519779&w=2 http://secunia.com/advisories/11974 http://securitytracker.com/id?1010614 http://www.gentoo.org/security/en/glsa/glsa-200407-22.xml http://www.osvdb.org/7314 http://www.phpmyadmin.net/home_page/securit •

CVSS: 7.5EPSS: 3%CPEs: 12EXPL: 4

phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables. • http://archives.neohapsis.com/archives/bugtraq/2004-06/0444.html http://archives.neohapsis.com/archives/bugtraq/2004-06/0473.html http://eagle.kecapi.com/sec/fd/phpMyAdmin.html http://secunia.com/advisories/11974 http://securitytracker.com/alerts/2004/Jun/1010614.html http://www.gentoo.org/security/en/glsa/glsa-200407-22.xml http://www.osvdb.org/7315 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-1 http://www.securityfocus.com/bid/10629 https://ex •