CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2008-1567
https://notcve.org/view.php?id=CVE-2008-1567
31 Mar 2008 — phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. phpMyAdmin versiones anteriores a 2.11.5.1, almacena la clave secreta MySQL de (1) nombre de usuario (2) contraseña, y (3) Blowfish, en texto sin cifrar en un archivo de Sesión bajo /tmp, que permite a los usuarios locales obtener información confidencial. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2008-1149
https://notcve.org/view.php?id=CVE-2008-1149
04 Mar 2008 — phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies. phpMyAdmin anterior a la v2.11.5, accesos a $_REQUEST para obtener algún parámetro en vez de usar $_GET y $_POST, puede permitir a atacantes remotos del mismo dominio sobrescribir variables, inyectar código SQL y realizar ataques de falsificac... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 82EXPL: 0CVE-2007-6100
https://notcve.org/view.php?id=CVE-2007-6100
23 Nov 2007 — Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992. Vulnerabilidad de secuencias de comandos en sitios cruzados(XSS) en el fichero libraries/auth/cookie.auth.lib.php de phpMyAdmin, en versiones previas a la 2.11.2.2. Cuando los inicios de sesió... • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-5976
https://notcve.org/view.php?id=CVE-2007-5976
15 Nov 2007 — SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter. Vulnerabilidad de inyección SQL en el db_create.php en el phpMyAdmin anterior al 2.11.2.1 permite a usuarios remotos autenticados con privilegios de CREATE DATABASE ejecutar comandos SQL de su elección a través del parámetro db. • http://secunia.com/advisories/27630 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5977
https://notcve.org/view.php?id=CVE-2007-5977
15 Nov 2007 — Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el db_create.php del phpMyAdmin anterior al 2.11.2.1 permite a usuarios remotos autenticados con privilegios de CREATE DATABASE la inye... • http://secunia.com/advisories/27630 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 10%CPEs: 1EXPL: 1CVE-2007-5589 – phpMyAdmin 2.11.1 - 'Server_Status.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-5589
19 Oct 2007 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI. Múltiples vulnerabilidades de tipo cro... • https://www.exploit-db.com/exploits/30733 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2016
https://notcve.org/view.php?id=CVE-2007-2016
12 Apr 2007 — Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mysql/phpinfo.php de phpMyAdmin 2.6.1 permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro lang[]. • http://osvdb.org/35049 •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 1CVE-2007-1395
https://notcve.org/view.php?id=CVE-2007-1395
10 Mar 2007 — Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase end tag, which bypasses the protection against lowercase . Vulnerabilidad de lista negra incompleta en index.php en phpMyAdmin 2.8.0 hasta 2.9.2 permite a atacantes remotos llevar a cabo ataques de secuencias de comandos de sitios cr... • http://osvdb.org/35048 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1325
https://notcve.org/view.php?id=CVE-2007-1325
07 Mar 2007 — The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin. La función PMA_ArrayWalkRecursive e... • http://osvdb.org/36834 •
CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 4CVE-2006-6942 – phpMyAdmin 2.x - 'db_create.php?db' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6942
19 Jan 2007 — Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php. Múltiples vulnerabilidades de secuenc... • https://www.exploit-db.com/exploits/29058 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •