Page 16 of 142 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 139EXPL: 1

CVE-2008-4326

https://notcve.org/view.php?id=CVE-2008-4326

The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence. La función PMA_escapeJsString de libraries/js_escape.lib.php de phpMyAdmin antes de v2.11.9.2, al usar Internet Explorer, permite a usuarios remotos evitar los mecanismos de protección contra la ejecución de secuencias de comandos en sitios cruzados (XSS) y llevar a cabo ataques XSS a través de un byte NULL dentro de una sentencia "</script". • http://jvn.jp/en/jp/JVN54824688/index.html http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000061.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://osvdb.org/48511 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/libraries/js_escape.lib.php?r1=11514&r2=11603&pathrev=11603 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/js_escape.lib.php?view=log&pathrev=11603 http: • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.5EPSS: 7%CPEs: 52EXPL: 3

CVE-2008-4096 – phpMyAdmin 3.2 - 'server_databases.php' Remote Command Execution

https://notcve.org/view.php?id=CVE-2008-4096

libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function. libraries/database_interface.lib.php en phpMyAdmin anterior a 2.11.9.1, permite a usuarios autenticados en remoto ejecutar código de su elección a través de una solicitud a server_databases.php con un parámetro sort_by que contenga secuencias PHP que son procesadas por create_function. • https://www.exploit-db.com/exploits/32383 http://fd.the-wildcat.de/pma_e36a091q11.php http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://osvdb.org/48196 http://secunia.com/advisories/31884 http://secunia.com/advisories/31918 http://secunia.com/advisories/32034 http://secunia.com/advisories/33822 http://security.gentoo.org/glsa/glsa-200903-32.xml http://typo3.org/teams/security/security-bulletins/typo3-20080916-1 http://www.debian.org/securit • CWE-20: Improper Input Validation •

CVSS: 6.4EPSS: 1%CPEs: 42EXPL: 1

CVE-2008-3456

https://notcve.org/view.php?id=CVE-2008-3456

phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack. phpMyAdmin anterior a 2.11.8 no previene adecuadamente sus páginas con marcos (frames) que apuntan a otros dominios, los que puede facilitar a atacantes remotos llevar a cabo actividades de phishing o suplantación a través de un ataje de marcos en sitios cruzados. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/31263 http://secunia.com/advisories/31312 http://secunia.com/advisories/32834 http://www.debian.org/security/2008/dsa-1641 http://www.mandriva.com/security/advisories?name=MDVSA-2008:202 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6 http://www.securityfocus.com/bid/30420 http://www.vupen.com/english/advisories/2008/2226/references http://yehg.net/lab& • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 2.6EPSS: 0%CPEs: 42EXPL: 1

CVE-2008-3457

https://notcve.org/view.php?id=CVE-2008-3457

Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en setup.php de phpMyAdmin versiones anteriores a 2.11.8 permite a atacantes remotos asistidos por el usuario inyectar web script o HTML de su elección a través de argumentos de instalación manipulados. NOTA: esta cuestión sólo puede ser explotada en escenarios limitados en los cuales el atacante puede modificar config/config.inc.php. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/31263 http://secunia.com/advisories/31312 http://secunia.com/advisories/32834 http://www.debian.org/security/2008/dsa-1641 http://www.mandriva.com/security/advisories?name=MDVSA-2008:202 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6 http://www.securityfocus.com/bid/30420 http://www.vupen.com/english/advisories/2008/2226/references http://yehg.net/lab& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 134EXPL: 1

CVE-2008-3197

https://notcve.org/view.php?id=CVE-2008-3197

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set. Una vulnerabilidad de tipo Cross-site request forgery (CSRF) en phpMyAdmin anterior a versión 2.11.7.1, permite a atacantes remotos realizar acciones no autorizadas por medio de un enlace o etiqueta IMG para (1) el parámetro db en la funcionalidad "Creating a Database" (en archivo db_create.php), y los parámetros (2) convcharset y collation_connection relacionados a un programa no especificado que modifica el ajuste de caracteres de conexión. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://secunia.com/advisories/31097 http://secunia.com/advisories/31115 http://secunia.com/advisories/33822 http://sourceforge.net/project/shownotes.php?release_id=613660 http://www.debian.org/security/2008/dsa-1641 http://www.mandriva.com/security/advisories?name=MDVSA-2008:202 http://www.openwall.com/lists/oss-security/2008/07/15/6 http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0 http:/&#x • CWE-352: Cross-Site Request Forgery (CSRF) •