CVSS: 4.3 | EPSS: 1% | CPEs: 4 | EXPL: 3

Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.

• https://www.exploit-db.com/exploits/30090
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html
• http://osvdb.org/36699
• http://secunia.com/advisories/25446
• http://secunia.com/advisories/27756
• http://secunia.com/advisories/33263
• http://www.debian.org/security/2008/dsa-1693
• http://www.novell.com/linux/security/advisories/2007_24_sr.html
• http://www.securityfocus.com/bid/24182
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34550
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.3 | EPSS: 1% | CPEs: 1 | EXPL: 1

Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.

• https://www.exploit-db.com/exploits/30075
• http://marc.info/?l=full-disclosure&m=117987658110713&w=2
• http://osvdb.org/38138
• http://secunia.com/advisories/27756
• http://secunia.com/advisories/33263
• http://www.debian.org/security/2008/dsa-1693
• http://www.novell.com/linux/security/advisories/2007_24_sr.html
• http://www.securityfocus.com/bid/24115
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34456

CVSS: 5.0 | EPSS: 1% | CPEs: 6 | EXPL: 3

Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.

• https://www.exploit-db.com/exploits/25938
• http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html
• http://secunia.com/advisories/15941
• http://secunia.com/advisories/16116
• http://securitytracker.com/id?1014414
• http://sourceforge.net/project/shownotes.php?release_id=342261
• http://www.debian.org/security/2005/dsa-759
• http://www.securityfocus.com/bid/14142
• http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html

CVSS: 7.5 | EPSS: 1% | CPEs: 2 | EXPL: 0

Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.

• http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html
• http://www.greatbridge.org/project/phppgadmin/cvs/checkout.php/phpPgAdmin/ChangeLog?r=1.13
• http://www.securityfocus.com/bid/2640