NotCVE - vendor:"Phpmyadmin" product:"Phpmyadmin" version:"1.2.3"

Page 2 of 42 results (0.001 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-7260 – Ubuntu Security Notice USN-4639-1

https://notcve.org/view.php?id=CVE-2018-7260

21 Feb 2018 — Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Una vulnerabilidad Cross-Site Scripting (XSS) en db_central_columns.php en phpMyAdmin, en versiones anteriores a la 4.7.8, permite que atacantes remotos autenticados inyecten scripts web o HTLM arbitrarios mediante una URL manipulada. It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configu... • http://www.securityfocus.com/bid/103099 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.6EPSS: 0%CPEs: 36EXPL: 0

CVE-2016-6621

https://notcve.org/view.php?id=CVE-2016-6621

31 Jan 2017 — The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. La secuencia de comandos de instalación para phpMyAdmin en versiones anteriores a 4.0.10.19, 4.4.x en versiones anteriores a 4.4.15.10 y 4.6.x en versiones anteriores a 4.6.6 permite a atacantes remotos realizar ataques de falsificación de solicitud del lado del servidor (SSRF) a través de vectores no especific... • http://www.securityfocus.com/bid/95914 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-5097 – Gentoo Linux Security Advisory 201701-32

https://notcve.org/view.php?id=CVE-2016-5097

05 Jul 2016 — phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs. phpMyAdmin en versiones anteriores a 4.6.2 emplaza tokens en cadenas de consulta y no gestiona su eliminación antes de la navegación externa, lo que permite a atacantes remotos obtener información sensible leyendo (1) peticiones HTTP o (2) los registros del servidor. Multi... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 0%CPEs: 150EXPL: 0

CVE-2014-1879 – Debian Security Advisory 2975-1

https://notcve.org/view.php?id=CVE-2014-1879

20 Feb 2014 — Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. Vulnerabilidad de XSS en import.php en phpMyAdmin anterior a 4.1.7 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de un nombre de archivo manipulado en una acción import. Cross-site scripting vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticat... • http://lists.opensuse.org/opensuse-updates/2014-03/msg00017.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 8%CPEs: 12EXPL: 3

CVE-2013-1937 – phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross-Site Scripting Vulnerabilities

https://notcve.org/view.php?id=CVE-2013-1937

16 Apr 2013 — Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable. ** EN DISPUTA ** Múltiples vulnerabilidades Cross-Site Scripting (XSS) en tbl_gis_visualization.php en phpMyAdmin, en versiones 3.5.x anteriores a la 3.5.8, permiten que atacantes re... • https://www.exploit-db.com/exploits/38440 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.1EPSS: 3%CPEs: 30EXPL: 2

CVE-2012-5469 – Portable phpMyAdmin <= 1.3.0 - Authentication Bypass

https://notcve.org/view.php?id=CVE-2012-5469

20 Dec 2012 — The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. El complemento phpMyAdmin Portable antes de v1.3.1 para WordPress permite a atacantes remotos evitar la autenticación y obtener acceso a la consola de phpMyAdmin a través de una solicitud directa al wp-content/plugins/portable-phpmyadmin/wp-pma-mod. The Portable phpMyAdmin plugin before 1.3.0... • https://www.exploit-db.com/exploits/23356 • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •

CVSS: 5.4EPSS: 0%CPEs: 75EXPL: 0

CVE-2011-2642

https://notcve.org/view.php?id=CVE-2011-2642

01 Aug 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la vista de implementación en la tabla Print en tbl_printview.php en phpMyAdmin anterior a v3.3.10.3 y v3.4.x anterior a v3.4.3.2 permite a usuarios aute... • http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0

CVE-2010-4481

https://notcve.org/view.php?id=CVE-2010-4481

17 Dec 2010 — phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function. phpMyAdmin anteriores a v3.4.0-beta1, permite a atacantes remotos evitar la autenticación y obtener información sensible a través de una solicitud directa al phpinfo.php, que llama a la función phpinfo. • http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=4d9fd005671b05c4d74615d5939ed45e4d019e4c • CWE-287: Improper Authentication •

CVSS: 6.1EPSS: 0%CPEs: 177EXPL: 0

CVE-2009-2284

https://notcve.org/view.php?id=CVE-2009-2284

01 Jul 2009 — Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin anterior a v3.2.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de un favorito con una sentencia SQL manipulada. • http://secunia.com/advisories/35649 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 93%CPEs: 41EXPL: 6

CVE-2009-1151 – phpMyAdmin Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2009-1151

26 Mar 2009 — Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Vulnerabilidad de inyección de código estático en el archivo setup.php en phpMyAdmin v2.11.x anteriores a v2.11.9.5 y v3.x anteriores a v3.1.3.1 que permite a los atacantes remotos inyectar código PHP arbitrariamente en el archivo de configuración a través de la acción guardar. Setup script used to gen... • https://www.exploit-db.com/exploits/8921 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

1 2 3 4 5