
CVSS: 4.3 | EPSS: 1% | CPEs: 4 | EXPL: 3

Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.

• https://www.exploit-db.com/exploits/30090
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html
• http://osvdb.org/36699
• http://secunia.com/advisories/25446
• http://secunia.com/advisories/27756
• http://secunia.com/advisories/33263
• http://www.debian.org/security/2008/dsa-1693
• http://www.novell.com/linux/security/advisories/2007_24_sr.html
• http://www.securityfocus.com/bid/24182
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34550
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 1% | CPEs: 6 | EXPL: 3

Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.

• https://www.exploit-db.com/exploits/25938
• http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html
• http://secunia.com/advisories/15941
• http://secunia.com/advisories/16116
• http://securitytracker.com/id?1014414
• http://sourceforge.net/project/shownotes.php?release_id=342261
• http://www.debian.org/security/2005/dsa-759
• http://www.securityfocus.com/bid/14142
• http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html