
CVE-2006-6942 – phpMyAdmin 2.x - 'db_create.php?db' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6942
19 Jan 2007 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php. • https://www.exploit-db.com/exploits/29058 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-0341
https://notcve.org/view.php?id=CVE-2007-0341
18 Jan 2007 — Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992. • http://www.securityfocus.com/archive/1/456698/100/0/threaded

CVE-2007-0203
https://notcve.org/view.php?id=CVE-2007-0203
11 Jan 2007 — Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors. • http://osvdb.org/32666

CVE-2007-0204
https://notcve.org/view.php?id=CVE-2007-0204
11 Jan 2007 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. • http://osvdb.org/32667

CVE-2006-6373
https://notcve.org/view.php?id=CVE-2006-6373
07 Dec 2006 — phpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message. • http://securityreason.com/securityalert/1993

CVE-2006-6374
https://notcve.org/view.php?id=CVE-2006-6374
07 Dec 2006 — Multiple CRLF injection vulnerabilities in phpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files. • http://securityreason.com/securityalert/1993

CVE-2006-5718
https://notcve.org/view.php?id=CVE-2006-5718
04 Nov 2006 — Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html

CVE-2006-5116
https://notcve.org/view.php?id=CVE-2006-5116
02 Oct 2006 — Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL through dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017. • http://attrition.org/pipermail/vim/2006-October/001067.html

CVE-2006-5117
https://notcve.org/view.php?id=CVE-2006-5117
02 Oct 2006 — phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files. • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html

CVE-2006-3388
https://notcve.org/view.php?id=CVE-2006-3388
06 Jul 2006 — Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter. • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html