
CVSS: 4.3 | EPSS: 0% | CPEs: 26 | EXPL: 3

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.
• http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00013.html
• http://secunia.com/advisories/54488
• http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php
• https://github.com/phpmyadmin/phpmyadmin/commit/240b8332db53dedc27baeec5306dabad3bdece3b
• https://github.com/phpmyadmin/phpmyadmin/commit/24d0eb55203b029f250c77d63f2900ffbe099e8b
• https://github.com/phpmyadmin/phpmyadmin/commit/66fe475d4f51b1761719cb0cab360748800373f7
• https://github.com/phpmyadmin/phpmyadmin/commit/da4042fb6c4365dc8187765c3bf525043687c66f
• CWE-20: Improper Input Validation

CVSS: 5.0 | EPSS: 0% | CPEs: 22 | EXPL: 0

phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files.
• http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 | EPSS: 0% | CPEs: 8 | EXPL: 0

phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php.
• http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 | EPSS: 0% | CPEs: 14 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value.
• http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 3.5 | EPSS: 0% | CPEs: 22 | EXPL: 0

Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.
• http://secunia.com/advisories/59832
• http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php
• http://www.securityfocus.com/bid/61516
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')