CVSS: 2.6EPSS: 0%CPEs: 42EXPL: 1CVE-2008-3457
https://notcve.org/view.php?id=CVE-2008-3457
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en setup.php de phpMyAdmin versiones anteriores a 2.11.8 permite a atacantes remotos asistidos por el usuario inyectar web script o HTML de su elección a través de argumentos de instalación manipulados. NOTA: esta cuestión sólo puede ser explotada en escenarios limitados en los cuales el atacante puede modificar config/config.inc.php. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/31263 http://secunia.com/advisories/31312 http://secunia.com/advisories/32834 http://www.debian.org/security/2008/dsa-1641 http://www.mandriva.com/security/advisories?name=MDVSA-2008:202 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6 http://www.securityfocus.com/bid/30420 http://www.vupen.com/english/advisories/2008/2226/references http://yehg.net/lab& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3032
https://notcve.org/view.php?id=CVE-2008-3032
Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensión phpMyAdmin (phpmyadmin) 3.0.1 y versiones anteriores para TYPO3 permite a atacantes remotos inyectar web script o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/30884 http://typo3.org/teams/security/security-bulletins/typo3-20080701-2 http://www.securityfocus.com/bid/30039 https://exchange.xforce.ibmcloud.com/vulnerabilities/43508 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 24EXPL: 0CVE-2008-1924
https://notcve.org/view.php?id=CVE-2008-1924
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable. Una vulnerabilidad no especificada en phpMyAdmin versiones anteriores a 2.11.5.2, cuando se ejecuta en hosts compartidos, permite a los usuarios autenticados remotos con permisos de tabla CREATE leer archivos arbitrarios por medio de una petición POST de HTTP diseñada, relacionada con el uso de una variable UploadDir indefinida. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://secunia.com/advisories/29944 http://secunia.com/advisories/29964 http://secunia.com/advisories/30034 http://secunia.com/advisories/30816 http://secunia.com/advisories/32834 http://secunia.com/advisories/33822 http://security.gentoo.org/glsa/glsa-200805-02.xml http://www.debian.org/security/2008/dsa-1557 http://www.mandriva&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2008-1567
https://notcve.org/view.php?id=CVE-2008-1567
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. phpMyAdmin versiones anteriores a 2.11.5.1, almacena la clave secreta MySQL de (1) nombre de usuario (2) contraseña, y (3) Blowfish, en texto sin cifrar en un archivo de Sesión bajo /tmp, que permite a los usuarios locales obtener información confidencial. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://secunia.com/advisories/29588 http://secunia.com/advisories/29613 http://secunia.com/advisories/29964 http://secunia.com/advisories/30816 http://secunia.com/advisories/32834 http://secunia.com/advisories/33822 http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408 http://www.debian.org/security/2 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.1EPSS: 0%CPEs: 18EXPL: 0CVE-2008-1149
https://notcve.org/view.php?id=CVE-2008-1149
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies. phpMyAdmin anterior a la v2.11.5, accesos a $_REQUEST para obtener algún parámetro en vez de usar $_GET y $_POST, puede permitir a atacantes remotos del mismo dominio sobrescribir variables, inyectar código SQL y realizar ataques de falsificación de petición en sitios cruzados (CSRF) usando cookies manipuladas. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://secunia.com/advisories/29143 http://secunia.com/advisories/29200 http://secunia.com/advisories/29287 http://secunia.com/advisories/29964 http://secunia.com/advisories/30816 http://secunia.com/advisories/32834 http://secunia.com/advisories/33822 http://www.debian.org/security/2008/dsa-1557 http://www.gentoo.org/security/en/ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-352: Cross-Site Request Forgery (CSRF) •