
CVSS: 2.6 • EPSS: 0% • CPEs: 42 • EXPL: 1

Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php.

References:
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
http://secunia.com/advisories/31263
http://secunia.com/advisories/31312
http://secunia.com/advisories/32834
http://www.debian.org/security/2008/dsa-1641
http://www.mandriva.com/security/advisories?name=MDVSA-2008:202
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6
http://www.securityfocus.com/bid/30420
http://www.vupen.com/english/advisories/2008/2226/references
http://yehg.net/lab&

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 3.5 • EPSS: 0% • CPEs: 134 • EXPL: 1

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.

References:
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://secunia.com/advisories/31097
http://secunia.com/advisories/31115
http://secunia.com/advisories/33822
http://sourceforge.net/project/shownotes.php?release_id=613660
http://www.debian.org/security/2008/dsa-1641
http://www.mandriva.com/security/advisories?name=MDVSA-2008:202
http://www.openwall.com/lists/oss-security/2008/07/15/6
http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0
http:/&#x

CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References:
http://secunia.com/advisories/30884
http://typo3.org/teams/security/security-bulletins/typo3-20080701-2
http://www.securityfocus.com/bid/30039
https://exchange.xforce.ibmcloud.com/vulnerabilities/43508

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 3.5 • EPSS: 0% • CPEs: 24 • EXPL: 0

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.

References:
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://secunia.com/advisories/29944
http://secunia.com/advisories/29964
http://secunia.com/advisories/30034
http://secunia.com/advisories/30816
http://secunia.com/advisories/32834
http://secunia.com/advisories/33822
http://security.gentoo.org/glsa/glsa-200805-02.xml
http://www.debian.org/security/2008/dsa-1557
http://www.mandriva&#

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.

References:
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://secunia.com/advisories/29588
http://secunia.com/advisories/29613
http://secunia.com/advisories/29964
http://secunia.com/advisories/30816
http://secunia.com/advisories/32834
http://secunia.com/advisories/33822
http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408
http://www.debian.org/security/2

CWE-312: Cleartext Storage of Sensitive Information