CVSS: 6.1EPSS: 4%CPEs: 1EXPL: 2CVE-2006-1258 – phpMyAdmin 2.8.1 - Set_Theme Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1258
19 Mar 2006 — Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. • https://www.exploit-db.com/exploits/27435 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4450
https://notcve.org/view.php?id=CVE-2005-4450
21 Dec 2005 — Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed. • http://secunia.com/advisories/18113 •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2005-4349
https://notcve.org/view.php?id=CVE-2005-4349
19 Dec 2005 — SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue... • http://marc.info/?l=bugtraq&m=113486637512821&w=2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 49EXPL: 0CVE-2005-3665
https://notcve.org/view.php?id=CVE-2005-3665
08 Dec 2005 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. • http://secunia.com/advisories/17895 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2005-4079
https://notcve.org/view.php?id=CVE-2005-4079
08 Dec 2005 — The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables. • http://secunia.com/advisories/17925 •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2005-3787
https://notcve.org/view.php?id=CVE-2005-3787
24 Nov 2005 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog. • http://secunia.com/advisories/17578 •
CVSS: 5.0EPSS: 1%CPEs: 13EXPL: 0CVE-2005-3621
https://notcve.org/view.php?id=CVE-2005-3621
16 Nov 2005 — CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts. Vulnerabilidad de inyección de CRLF en phpMyAdmin anteriores a 2.6.4-pl4 permite a atacantes remotos conducir ataques de separación de respuesta HTTP mediante scripts no especificados. • http://secunia.com/advisories/17578 •
CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2005-3622
https://notcve.org/view.php?id=CVE-2005-3622
16 Nov 2005 — phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory. phpMyAdmin 2.7.0-beta1 y anteriores permiten a atacantes remotos obtener la ruta completa del servidor mediante peticiones directas a varios scripts en el directorio de bibliotecas. • http://marc.info/?l=bugtraq&m=113208319104035&w=2 •
CVSS: 6.1EPSS: 3%CPEs: 4EXPL: 2CVE-2005-3301 – phpMyAdmin 2.x - 'queryframe.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3301
24 Oct 2005 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php. • https://www.exploit-db.com/exploits/26392 •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2005-3300
https://notcve.org/view.php?id=CVE-2005-3300
23 Oct 2005 — The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme. • http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0478. •