Page 34 of 265 results (0.035 seconds)

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value. Una vulnerabilidad de ejecución de comandos en sitios cruzados(XSS) en la interfaz de configuración de phpMyAdmin v3.4.x antes de la versión v3.4.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un valor metido a mano. • http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069234.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069235.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069237.html http://secunia.com/advisories/46874 http://securitytracker.com/id?1026199 http://www.mandriva.com/security/advisories?name=MDVSA-2011:158 http://www.phpmyadmin.net/home_page/security/PMASA-2011-16.php http://www.securityfocus.com/bid/50175 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message. phpmyadmin.css.php en phpMyAdmin v3.4.x anterior a v3.4.6 permite a atacantes remotos obtener información sensible a través de un parámetro jsarray-typed js_frame a phpmyadmin.css.php, lo cual revela la ruta de instalación en un mensaje de error. • http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069234.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069235.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069237.html http://secunia.com/advisories/46874 http://www.mandriva.com/security/advisories?name=MDVSA-2011:158 http://www.phpmyadmin.net/home_page/security/PMASA-2011-15.php • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la característica de Tracking en phpMyAdmin v3.3.x anterior a v3.3.10.4 y 3.4.x anterior a v3.4.4 permite a atacantes remotos inyectar script web de su elección o HTML a través de un (1) nombre de tabla, (2) nombre de columna, o (2) nombre de index. • http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065824.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065829.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065854.html http://secunia.com/advisories/45709 http://secunia.com/advisories/45990 http://www.debian.org/security/2012/dsa-2391 http://www.mandriva.com/security/advisories?name=MDVSA-2011:158 http://www.phpmyadmin.net/home_page/security/PMASA-2011-13.php http: • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 2%CPEs: 5EXPL: 0

Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter. Vulnerabilidad de directorio transversal en sql.php en phpMyAdmin v3.4.x anterior a v3.4.3.2, cuando la configuración de almacenamiento está activa, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través de secuencias de salto de directorio en una transformación del parámetro MIME-type. • http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=f63e1bb42a37401b2fdfcd2e66cce92b7ea2025c http://secunia.com/advisories/45365 http://secunia.com/advisories/45515 http://www.mandriva.com/security/advisories?name=MDVSA-2011:124 http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php http://www.securityfocus • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0

Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php. Múltiples vulnerabilidades de salto de directorio en la implementación del esquema relacional en phpMyAdmin v3.4.x anterior a v3.4.3.2 permite a usuarios autenticados de forma remota incluir y ejecutar ficheros locales a través de secuencias de salto de directorio en el campo tipo, relacionado con (1)libraries/schema/User_Schema.class.php y (2)schema_export.php. • http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html http://osvdb.org/74111 http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393 http://secunia.com/advisories/45365 http://secunia.com/advisories/45515 http://www.mandriva.com/security/advisories?name=MDVSA-2011:124 http://www.openwall.com/lists/oss-security/2011/07/25/4& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •