
CVSS: 6.8 | EPSS: 1% | CPEs: 1 | EXPL: 0

11 Jan 2007 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. • http://osvdb.org/32667 •

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

11 Jan 2007 — Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors. • http://osvdb.org/32666 •

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

05 Jan 2007 — phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message. • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0034.html •

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Dec 2006 — PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message. • http://securityreason.com/securityalert/1993 •

CVSS: 9.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Dec 2006 — Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files. • http://securityreason.com/securityalert/1993 •

CVSS: 6.1 | EPSS: 0% | CPEs: 15 | EXPL: 0

04 Nov 2006 — Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html •

CVSS: 7.5 | EPSS: 0% | CPEs: 8 | EXPL: 0

02 Oct 2006 — phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files. • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html •

CVSS: 8.8 | EPSS: 4% | CPEs: 8 | EXPL: 0

02 Oct 2006 — Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL through dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017. • http://attrition.org/pipermail/vim/2006-October/001067.html •

CVSS: 6.1 | EPSS: 1% | CPEs: 55 | EXPL: 0

06 Jul 2006 — Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter. • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html •

CVSS: 6.8 | EPSS: 1% | CPEs: 1 | EXPL: 0

16 May 2006 — Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts. • http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html •