CVE-2010-3056
https://notcve.org/view.php?id=CVE-2010-3056
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin v2.11.x anterior a v2.11.10.1, y 3.x anterior a 3.3.5.1 permite a atacantes remotos inyectar código web o HTML de su elección a través de vectores relacionados con (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, y (17) tbl_sql.php. • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045991.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045997.html http://secunia.com/advisories/41000 http://secunia.com/advisories/41185 http://www.debian.org/security/2010/dsa-2097 http://www.mandriva.com/security/advisories?name=MDVSA-2010:163 http://www.mandriva.com/security/advisories?name=MDVSA-2010:164 http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php http://www.securityfocus& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-3055
https://notcve.org/view.php?id=CVE-2010-3055
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. La configuración de la secuencia de comandos de instalación (también conocida como scripts/setup.php) en phpMyAdmin v2.11.x anterior a v2.11.10.1 no restringe adecuadamente nombres clave en sus archivos de salida, lo que permite a atacantes remotos ejecutar código PHP de su elección a través de una petición POST manipulada. • http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=30c83acddb58d3bbf940b5f9ec28abf5b235f4d2 http://secunia.com/advisories/41058 http://secunia.com/advisories/41185 http://sourceforge.net/tracker/?func=detail&aid=3045132&group_id=23067&atid=377408 http://www.debian.org/security/2010/dsa-2097 http://www.mandriva.com/security/advisories?name=MDVSA-2010:163 http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php http://www.securityfocus.com/bid/42591 htt • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-3696
https://notcve.org/view.php?id=CVE-2009-3696
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table. Vulnerabilidad de Ejecución de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin v2.11.x anterior a v2.11.9.6 y v3.x anterior a v3.2.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un nombre de tabla MySQL manipulado. • http://bugs.gentoo.org/show_bug.cgi?id=288899 http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/2.11.9.6/phpMyAdmin-2.11.9.6-notes.html http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.2.2.1/phpMyAdmin-3.2.2.1-notes.html http://freshmeat.net/projects/phpmyadmin/releases/306667 http://freshmeat.net/projects/phpmyadmin/releases/306669 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=oss-security&m=125553728512853& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-3697
https://notcve.org/view.php?id=CVE-2009-3697
SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters. Vulnerabilidad de inyección SQL en la funcionalidad generador de esquema PDF en phpMyAdmin v2.11.x anterior a v2.11.9.6 y v3.x anterior a v3.2.2.1 permite a atacantes remotos ejecutar comandos SQL a su elección a través de parámetros de la interfaz no especificados. • http://bugs.gentoo.org/show_bug.cgi?id=288899 http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/2.11.9.6/phpMyAdmin-2.11.9.6-notes.html http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.2.2.1/phpMyAdmin-3.2.2.1-notes.html http://freshmeat.net/projects/phpmyadmin/releases/306667 http://freshmeat.net/projects/phpmyadmin/releases/306669 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=oss-security&m=125553728512853& • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2009-2284
https://notcve.org/view.php?id=CVE-2009-2284
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin anterior a v3.2.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de un favorito con una sentencia SQL manipulada. • http://secunia.com/advisories/35649 http://secunia.com/advisories/35715 http://www.mandriva.com/security/advisories?name=MDVSA-2009:192 http://www.phpmyadmin.net/home_page/security/PMASA-2009-5.php https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00150.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00152.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00256.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •