Page 5 of 43 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 58EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin v2.11.x anterior a v2.11.10.1, y 3.x anterior a 3.3.5.1 permite a atacantes remotos inyectar código web o HTML de su elección a través de vectores relacionados con (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, y (17) tbl_sql.php. • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045991.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045997.html http://secunia.com/advisories/41000 http://secunia.com/advisories/41185 http://www.debian.org/security/2010/dsa-2097 http://www.mandriva.com/security/advisories?name=MDVSA-2010:163 http://www.mandriva.com/security/advisories?name=MDVSA-2010:164 http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php http://www.securityfocus& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 10%CPEs: 24EXPL: 1

The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. La configuración de la secuencia de comandos de instalación (también conocida como scripts/setup.php) en phpMyAdmin v2.11.x anterior a v2.11.10.1 no restringe adecuadamente nombres clave en sus archivos de salida, lo que permite a atacantes remotos ejecutar código PHP de su elección a través de una petición POST manipulada. • http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=30c83acddb58d3bbf940b5f9ec28abf5b235f4d2 http://secunia.com/advisories/41058 http://secunia.com/advisories/41185 http://sourceforge.net/tracker/?func=detail&aid=3045132&group_id=23067&atid=377408 http://www.debian.org/security/2010/dsa-2097 http://www.mandriva.com/security/advisories?name=MDVSA-2010:163 http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php http://www.securityfocus.com/bid/42591 htt • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 0%CPEs: 45EXPL: 0

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. libraries/File.class.php en phpMyAdmin v2.11.x anterior a v2.11.10 utiliza nombres de ficheros previsibles para los ficheros temporales, lo que tiene un impacto y vectores de ataque desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/File.class.php?r1=11528&r2=11527&pathrev=11528 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528 http://secunia.com/advisories/38211 http://secunia.com/advisories/39503 http://www.debian.org/security/2010/dsa-2034 http://www.phpmyadmin.net/home_page/security/PMASA-2010-2.php http://www.securityfocu • CWE-310: Cryptographic Issues •

CVSS: 10.0EPSS: 1%CPEs: 45EXPL: 0

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. libraries/File.class.php en phpMyAdmin v2.11.x anterior a v2.11.10 crea un directorio temporal con permisos 0777, lo que tiene un impacto y vectores de ataque desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/File.class.php?r1=11536&r2=11535&pathrev=11536 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536 http://secunia.com/advisories/38211 http://secunia.com/advisories/39503 http://www.debian.org/security/2010/dsa-2034 http://www.phpmyadmin.net/home_page/security/PMASA-2010-1.php http://www.securityfocu • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 23EXPL: 0

scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. scripts/setup.php (también conocido como secuencias de comandos de instalación) en phpMyAdmin v2.11.x anterior a v2.11.10 llama a la función unserialize en los valores de la (1) configuración y (2) v[0] parámetros, lo que podría permitir a atacantes remotos dirigir ataques de falsificación de petición en sitios cruzados (CSRF) a través de vectores sin especificar. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/scripts/setup.php?r1=13149&r2=13148&pathrev=13149 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149 http://secunia.com/advisories/38211 http://secunia.com/advisories/39503 http://www.debian.org/security/2010/dsa-2034 http://www.phpmyadmin.net/home_page/security/PMASA-2010-3.php http://www.vupen.com/engl •