CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2011-3181
https://notcve.org/view.php?id=CVE-2011-3181
29 Aug 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la característica de Tracking en phpMyAdmin v3.3.x anterior a v3.3.10.4 y 3.4.x anterior a v3.4.4 permite a atacantes remotos inyectar script web de su elección o ... • http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065824.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 2%CPEs: 5EXPL: 0CVE-2011-2643
https://notcve.org/view.php?id=CVE-2011-2643
01 Aug 2011 — Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter. Vulnerabilidad de directorio transversal en sql.php en phpMyAdmin v3.4.x anterior a v3.4.3.2, cuando la configuración de almacenamiento está activa, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través de secuenci... • http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 2%CPEs: 50EXPL: 0CVE-2011-2719
https://notcve.org/view.php?id=CVE-2011-2719
01 Aug 2011 — libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505. libraries/auth/swekey/swekey.auth.lib.php en phpMyAdmin v3.x anterior a v3.3.10.3 y v3.4.x anterior a v3.4.3.2 no maneja adecuadame... • http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 75EXPL: 0CVE-2011-2642
https://notcve.org/view.php?id=CVE-2011-2642
01 Aug 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la vista de implementación en la tabla Print en tbl_printview.php en phpMyAdmin anterior a v3.3.10.3 y v3.4.x anterior a v3.4.3.2 permite a usuarios aute... • http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2011-2718
https://notcve.org/view.php?id=CVE-2011-2718
01 Aug 2011 — Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php. Múltiples vulnerabilidades de salto de directorio en la implementación del esquema relacional en phpMyAdmin v3.4.x anterior a v3.4.3.2 permite a usuarios autenticados de form... • http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 11%CPEs: 48EXPL: 4CVE-2011-2505 – phpMyAdmin3 (pma3) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-2505
14 Jul 2011 — libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability." libraries/auth/swekey/swekey.auth.lib.php en la función de autenticación Swekey en phpMyAdmin v3.x anterior a v3.3.10.2 y v3.4.x anterior a v3.4.3.1 as... • https://www.exploit-db.com/exploits/17510 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 13%CPEs: 48EXPL: 1CVE-2011-2508
https://notcve.org/view.php?id=CVE-2011-2508
14 Jul 2011 — Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter. Vulnerabilidad de salto de directorio en libraries/display_tbl.lib.php en phpMyAdmin v3.x anterior a v3.3.10.2 y v3.4.x anterior a v3.4.3.1 cuando una determinada transf... • http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 26%CPEs: 48EXPL: 4CVE-2011-2506 – phpMyAdmin 3.x - Swekey Remote Code Injection
https://notcve.org/view.php?id=CVE-2011-2506
14 Jul 2011 — setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array. setup/lib/ConfigGenerator.class.php en phpMyAdmin v3.x anterior a v3.3.10.2 y v3.4.x anterior a v3.4.3.1 no restringe correctamente la presencia de los delimitadores de cierre de comentario, permitiendo a ata... • https://www.exploit-db.com/exploits/17514 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 9%CPEs: 48EXPL: 2CVE-2011-2507
https://notcve.org/view.php?id=CVE-2011-2507
14 Jul 2011 — libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array. libraries/server_synchronize.lib.php en la implementación Synchronize en phpMyAdmin v3.x anterior a v3.3.10.2 y v3.4.x anterior a v3... • http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 67EXPL: 0CVE-2011-0986
https://notcve.org/view.php?id=CVE-2011-0986
14 Feb 2011 — phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file. PhpMyAdmin v2.11.x antes de v2.11.11.2, y v3.3.x antes de v3.3.9.1, no controla correctamente la ausencia de los ficheros (1) README, (2) Changelog , y (3) Los archivos de licencia, que permite a atacantes remotos obtener la ruta de instalación a tr... • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html • CWE-20: Improper Input Validation •