CVSS: 6.1EPSS: 4%CPEs: 3EXPL: 1CVE-2008-4775 – phpMyAdmin 3.0.1 - 'pmd_pdf.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-4775
28 Oct 2008 — Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en pmd_pdf.php en phpMyAdmin v3.0.0, y posiblemente otras versiones incluyendo v2.11.9.2 y v3.0.1, cuando register_globals está activo,... • https://www.exploit-db.com/exploits/32531 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 139EXPL: 1CVE-2008-4326
https://notcve.org/view.php?id=CVE-2008-4326
30 Sep 2008 — The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "
CVSS: 8.8EPSS: 12%CPEs: 52EXPL: 3CVE-2008-4096 – phpMyAdmin 3.2 - 'server_databases.php' Remote Command Execution
https://notcve.org/view.php?id=CVE-2008-4096
17 Sep 2008 — libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function. libraries/database_interface.lib.php en phpMyAdmin anterior a 2.11.9.1, permite a usuarios autenticados en remoto ejecutar código de su elección a través de una solicitud a server_databases.php con un parámetro sort_by que contenga secuencias PHP que son p... • https://www.exploit-db.com/exploits/32383 • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 4%CPEs: 42EXPL: 1CVE-2008-3456
https://notcve.org/view.php?id=CVE-2008-3456
04 Aug 2008 — phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack. phpMyAdmin anterior a 2.11.8 no previene adecuadamente sus páginas con marcos (frames) que apuntan a otros dominios, los que puede facilitar a atacantes remotos llevar a cabo actividades de phishing o suplantación a través de un ataje de marcos en sitios cruzados. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.1EPSS: 2%CPEs: 42EXPL: 1CVE-2008-3457
https://notcve.org/view.php?id=CVE-2008-3457
04 Aug 2008 — Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en setup.php de phpMyAdmin versiones anteriores a 2.11.8 permite a atacantes remotos asistidos por el usuario inyectar web script ... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 134EXPL: 1CVE-2008-3197
https://notcve.org/view.php?id=CVE-2008-3197
16 Jul 2008 — Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set. Una vulnerabilidad de tipo Cross-site request forgery (CSRF) en phpMyAdmin anterior a versión 2.11.7.1, permite a atacantes remotos re... • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3032
https://notcve.org/view.php?id=CVE-2008-3032
07 Jul 2008 — Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensión phpMyAdmin (phpmyadmin) 3.0.1 y versiones anteriores para TYPO3 permite a atacantes remotos inyectar web script o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/30884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 27EXPL: 0CVE-2008-2960
https://notcve.org/view.php?id=CVE-2008-2960
02 Jul 2008 — Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin antes de 2.11.7, cuando register_globals está habilitado y .htaccess support está deshabilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su ... • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 0CVE-2008-1924
https://notcve.org/view.php?id=CVE-2008-1924
23 Apr 2008 — Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable. Una vulnerabilidad no especificada en phpMyAdmin versiones anteriores a 2.11.5.2, cuando se ejecuta en hosts compartidos, permite a los usuarios autenticados remotos con permisos de tabla CREATE leer archivos arbitrarios por medio de una petición POST d... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2008-1567
https://notcve.org/view.php?id=CVE-2008-1567
31 Mar 2008 — phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. phpMyAdmin versiones anteriores a 2.11.5.1, almacena la clave secreta MySQL de (1) nombre de usuario (2) contraseña, y (3) Blowfish, en texto sin cifrar en un archivo de Sesión bajo /tmp, que permite a los usuarios locales obtener información confidencial. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html • CWE-312: Cleartext Storage of Sensitive Information •