NotCVE - vendor:"Phpmyadmin" product:"Phpmyadmin" version:"2.7.0"

Page 5 of 52 results (0.009 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2006-6373

https://notcve.org/view.php?id=CVE-2006-6373

07 Dec 2006 — PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message. PhpMyAdmin 2.7.0-pl2 permite a atacantes remotos la obtención de información sensible a traves de una petición directa a la librería libraries/common.lib.php, que muestra la ruta en un mensaje de error. • http://securityreason.com/securityalert/1993 •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2006-6374

https://notcve.org/view.php?id=CVE-2006-6374

07 Dec 2006 — Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files. Múltiples vulnerabilidades de inyección de CRLF en PhpMyAdmin 2.7.0-pl2 permite a... • http://securityreason.com/securityalert/1993 •

CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0

CVE-2006-5718

https://notcve.org/view.php?id=CVE-2006-5718

04 Nov 2006 — Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. Vulnerabilidad de secuencias de comandos (XSS) en error.php en phpMyAdmin 2.6.4 hasta la 2.9.0.2 permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de codifica... • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html •

CVSS: 6.1EPSS: 0%CPEs: 55EXPL: 0

CVE-2006-3388

https://notcve.org/view.php?id=CVE-2006-3388

06 Jul 2006 — Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin en versiones anteriores a 2.8.2, que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través del parámetro table. • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html •

CVSS: 6.1EPSS: 9%CPEs: 1EXPL: 2

CVE-2006-1803 – phpMyAdmin 2.7 - 'sql.php' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2006-1803

18 Apr 2006 — Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter. • https://www.exploit-db.com/exploits/27632 •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

CVE-2006-1804

https://notcve.org/view.php?id=CVE-2006-1804

18 Apr 2006 — SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. • http://secunia.com/advisories/19659 •

CVSS: 6.1EPSS: 0%CPEs: 53EXPL: 0

CVE-2006-1678

https://notcve.org/view.php?id=CVE-2006-1678

10 Apr 2006 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory. • http://secunia.com/advisories/19556 •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2005-4450

https://notcve.org/view.php?id=CVE-2005-4450

21 Dec 2005 — Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed. • http://secunia.com/advisories/18113 •

CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2005-4349

https://notcve.org/view.php?id=CVE-2005-4349

19 Dec 2005 — SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue... • http://marc.info/?l=bugtraq&m=113486637512821&w=2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 1%CPEs: 49EXPL: 0

CVE-2005-3665

https://notcve.org/view.php?id=CVE-2005-3665

08 Dec 2005 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. • http://secunia.com/advisories/17895 •

1...3 4 5 6