CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 4CVE-2006-6942 – phpMyAdmin 2.x - 'db_create.php?db' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6942
19 Jan 2007 — Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php. Múltiples vulnerabilidades de secuenc... • https://www.exploit-db.com/exploits/29058 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-0341
https://notcve.org/view.php?id=CVE-2007-0341
18 Jan 2007 — Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin 2.8.1 y anteriores, al usar Microsoft Internet Explorer 6, permite a atacantes remotos inyectar secuencias de comando... • http://www.securityfocus.com/archive/1/456698/100/0/threaded •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0203
https://notcve.org/view.php?id=CVE-2007-0203
11 Jan 2007 — Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors. Múltiples vulnerabilidades no especificadas en phpMyAdmin versiones anteriores a 2.9.2-rc1 tienen un impacto desconocido y vectores de ataque. • http://osvdb.org/32666 •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-0204
https://notcve.org/view.php?id=CVE-2007-0204
11 Jan 2007 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin versiones anteriores a 2.9.2-rc1 permite a atacantes remotos inyectar scripts web o HTML de su elección mediante vectores no especificados. NOTA: algunos de estos detalles se han ... • http://osvdb.org/32667 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2007-0095
https://notcve.org/view.php?id=CVE-2007-0095
05 Jan 2007 — phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message. phpMyAdmin 2.9.1.1 permite a atacantes remotos obtener información sensible a través de respuestas directas para themes/darkblue_orange/layout.inc.php, lo cual revela la ruta en un mensaje de error. • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0034.html •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6373
https://notcve.org/view.php?id=CVE-2006-6373
07 Dec 2006 — PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message. PhpMyAdmin 2.7.0-pl2 permite a atacantes remotos la obtención de información sensible a traves de una petición directa a la librería libraries/common.lib.php, que muestra la ruta en un mensaje de error. • http://securityreason.com/securityalert/1993 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6374
https://notcve.org/view.php?id=CVE-2006-6374
07 Dec 2006 — Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files. Múltiples vulnerabilidades de inyección de CRLF en PhpMyAdmin 2.7.0-pl2 permite a... • http://securityreason.com/securityalert/1993 •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2006-5718
https://notcve.org/view.php?id=CVE-2006-5718
04 Nov 2006 — Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. Vulnerabilidad de secuencias de comandos (XSS) en error.php en phpMyAdmin 2.6.4 hasta la 2.9.0.2 permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de codifica... • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2006-5116
https://notcve.org/view.php?id=CVE-2006-5116
02 Oct 2006 — Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017. Múltiples vulnerabilidades de falsificación de petic... • http://attrition.org/pipermail/vim/2006-October/001067.html •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2006-5117
https://notcve.org/view.php?id=CVE-2006-5117
02 Oct 2006 — phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files. phpMyAdmin anterior a 2.9.1-rc1 tiene un directorio de librerias bajo la raíz de la documentación web con controles de acceso insuficientes, lo caul permiet a un atacante remoto obtener información sensible a través de repuesta directar para cierto archivos. • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html •