NotCVE - vendor:"Phpmyadmin" product:"Phpmyadmin" version:"3.4.0.0"

Page 3 of 37 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0

CVE-2011-1940

https://notcve.org/view.php?id=CVE-2011-1940

26 Jan 2012 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin v3.3.x anterior a v3.3.10.1 y v3.4.x anterior a v3.4.1 permite a atacantes remotos... • http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=7e10c132a3887c8ebfd7a8eee356b28375f1e287 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2011-1941

https://notcve.org/view.php?id=CVE-2011-1941

26 Jan 2012 — Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Abrir redirigir la vulnerabilidad en la función de redirección en phpMyAdmin v3.4.x anterior a v3.4.1 permite a atacantes remotos redirigir a los usuarios a sitios web arbitrario y llevar a cabo ataques de phishing a través de vectores no especificados. • http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=b7a8179eb6bf0f1643970ac57a70b5b513a1cd4f • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0

CVE-2011-4634

https://notcve.org/view.php?id=CVE-2011-4634

22 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, relat... • http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071040.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0

CVE-2011-4780

https://notcve.org/view.php?id=CVE-2011-4780

22 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en libraries/display_export.lib.php en phpMyAdmin v3.4.x antes de v3.4.9, permite a atacantes remotos inyectar secuencias de... • http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0

CVE-2011-4782

https://notcve.org/view.php?id=CVE-2011-4782

22 Dec 2011 — Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) libraries/config/ConfigFile.class.php en el interfaz de configuración en phpMyAdmin v3.4.x antes de v3.4.9, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del p... • http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 11%CPEs: 6EXPL: 6

CVE-2011-4107 – phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XML External Entity Injection

https://notcve.org/view.php?id=CVE-2011-4107

17 Nov 2011 — The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. La función simplexml_load_string en la importación XML plug-in (libraries/import/xml.php) en phpMyAdmin v3.4.x anterior a v3.4.7.1, v3.3.x y v3.3.10.5 permite a usuarios remotos autenticados leer ficher... • https://www.exploit-db.com/exploits/18371 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2011-3646

https://notcve.org/view.php?id=CVE-2011-3646

17 Nov 2011 — phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message. phpmyadmin.css.php en phpMyAdmin v3.4.x anterior a v3.4.6 permite a atacantes remotos obtener información sensible a través de un parámetro jsarray-typed js_frame a phpmyadmin.css.php, lo cual revela la ruta de instalación en un mensaje de error. • http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069234.html • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

CVE-2011-4064

https://notcve.org/view.php?id=CVE-2011-4064

01 Nov 2011 — Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value. Una vulnerabilidad de ejecución de comandos en sitios cruzados(XSS) en la interfaz de configuración de phpMyAdmin v3.4.x antes de la versión v3.4.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un valor metido a mano. • http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069234.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0

CVE-2011-3181

https://notcve.org/view.php?id=CVE-2011-3181

29 Aug 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la característica de Tracking en phpMyAdmin v3.3.x anterior a v3.3.10.4 y 3.4.x anterior a v3.4.4 permite a atacantes remotos inyectar script web de su elección o ... • http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065824.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0

CVE-2011-2643

https://notcve.org/view.php?id=CVE-2011-2643

01 Aug 2011 — Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter. Vulnerabilidad de directorio transversal en sql.php en phpMyAdmin v3.4.x anterior a v3.4.3.2, cuando la configuración de almacenamiento está activa, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través de secuenci... • http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

1 2 3 4