CVSS: 5.4EPSS: 0%CPEs: 21EXPL: 0CVE-2012-4345
https://notcve.org/view.php?id=CVE-2012-4345
21 Aug 2012 — Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en la página de (Database Structure) de datos en phpMyAdmin v3.4.x anterior a v3.4.11.1 y v3.5.x anterio... • http://www.mandriva.com/security/advisories?name=MDVSA-2012:136 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2012-4219
https://notcve.org/view.php?id=CVE-2012-4219
21 Aug 2012 — show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file. show_config_errors.php en phpMyAdmin v3.5.x anterior a v3.5.2.1 permite a atacantes remotos obtener información sensible a través de una solicitud directa, la cual revela la ruta de instalación en un mensaje de error, relacionada con la no inclusión del ... • http://www.phpmyadmin.net/home_page/security/PMASA-2012-3.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 1CVE-2012-1190
https://notcve.org/view.php?id=CVE-2012-1190
03 May 2012 — Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad de replicación de configuración en js/replication.js en phpMyAdmin v3.4.x antes de v3.4.10.1, permite a los atacantes remotos asistidos por el usuario inyectar secuencias... • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079435.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2012-1902
https://notcve.org/view.php?id=CVE-2012-1902
06 Apr 2012 — show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file. show_config_errors.php en phpMyAdmin v3.4.x y anterior a v3.4.10.2, cuando un archivo de configuración no existe, permite a atacantes remotos obtener información sensible a través de una solicitud directa, lo cual revela la ruta de instalación en un m... • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079435.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2011-1940
https://notcve.org/view.php?id=CVE-2011-1940
26 Jan 2012 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin v3.3.x anterior a v3.3.10.1 y v3.4.x anterior a v3.4.1 permite a atacantes remotos... • http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=7e10c132a3887c8ebfd7a8eee356b28375f1e287 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1941
https://notcve.org/view.php?id=CVE-2011-1941
26 Jan 2012 — Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Abrir redirigir la vulnerabilidad en la función de redirección en phpMyAdmin v3.4.x anterior a v3.4.1 permite a atacantes remotos redirigir a los usuarios a sitios web arbitrario y llevar a cabo ataques de phishing a través de vectores no especificados. • http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=b7a8179eb6bf0f1643970ac57a70b5b513a1cd4f • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2011-4780
https://notcve.org/view.php?id=CVE-2011-4780
22 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en libraries/display_export.lib.php en phpMyAdmin v3.4.x antes de v3.4.9, permite a atacantes remotos inyectar secuencias de... • http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2011-4782
https://notcve.org/view.php?id=CVE-2011-4782
22 Dec 2011 — Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) libraries/config/ConfigFile.class.php en el interfaz de configuración en phpMyAdmin v3.4.x antes de v3.4.9, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del p... • http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2011-4634
https://notcve.org/view.php?id=CVE-2011-4634
22 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, relat... • http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071040.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 4%CPEs: 6EXPL: 6CVE-2011-4107 – phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XML External Entity Injection
https://notcve.org/view.php?id=CVE-2011-4107
17 Nov 2011 — The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. La función simplexml_load_string en la importación XML plug-in (libraries/import/xml.php) en phpMyAdmin v3.4.x anterior a v3.4.7.1, v3.3.x y v3.3.10.5 permite a usuarios remotos autenticados leer ficher... • https://www.exploit-db.com/exploits/18371 • CWE-611: Improper Restriction of XML External Entity Reference •