CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2006-5718
https://notcve.org/view.php?id=CVE-2006-5718
04 Nov 2006 — Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. Vulnerabilidad de secuencias de comandos (XSS) en error.php en phpMyAdmin 2.6.4 hasta la 2.9.0.2 permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de codifica... • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2006-5117
https://notcve.org/view.php?id=CVE-2006-5117
02 Oct 2006 — phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files. phpMyAdmin anterior a 2.9.1-rc1 tiene un directorio de librerias bajo la raíz de la documentación web con controles de acceso insuficientes, lo caul permiet a un atacante remoto obtener información sensible a través de repuesta directar para cierto archivos. • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html •
CVSS: 8.8EPSS: 4%CPEs: 8EXPL: 0CVE-2006-5116
https://notcve.org/view.php?id=CVE-2006-5116
02 Oct 2006 — Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017. Múltiples vulnerabilidades de falsificación de petic... • http://attrition.org/pipermail/vim/2006-October/001067.html •
CVSS: 6.1EPSS: 1%CPEs: 55EXPL: 0CVE-2006-3388
https://notcve.org/view.php?id=CVE-2006-3388
06 Jul 2006 — Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin en versiones anteriores a 2.8.2, que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través del parámetro table. • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2006-2418
https://notcve.org/view.php?id=CVE-2006-2418
16 May 2006 — Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts. • http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2006-2417
https://notcve.org/view.php?id=CVE-2006-2417
16 May 2006 — Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031. • http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2006-2031
https://notcve.org/view.php?id=CVE-2006-2031
26 Apr 2006 — Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter. • http://pridels0.blogspot.com/2006/04/phpmyadmin-xss-vuln.html •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2006-1804
https://notcve.org/view.php?id=CVE-2006-1804
18 Apr 2006 — SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. • http://secunia.com/advisories/19659 •
CVSS: 6.1EPSS: 20%CPEs: 1EXPL: 2CVE-2006-1803 – phpMyAdmin 2.7 - 'sql.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1803
18 Apr 2006 — Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter. • https://www.exploit-db.com/exploits/27632 •
CVSS: 6.1EPSS: 1%CPEs: 53EXPL: 0CVE-2006-1678
https://notcve.org/view.php?id=CVE-2006-1678
10 Apr 2006 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory. • http://secunia.com/advisories/19556 •