Page 6 of 47 results (0.008 seconds)

CVSS: 4.3EPSS: 0%CPEs: 69EXPL: 0

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table. Vulnerabilidad de Ejecución de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin v2.11.x anterior a v2.11.9.6 y v3.x anterior a v3.2.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un nombre de tabla MySQL manipulado. • http://bugs.gentoo.org/show_bug.cgi?id=288899 http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/2.11.9.6/phpMyAdmin-2.11.9.6-notes.html http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.2.2.1/phpMyAdmin-3.2.2.1-notes.html http://freshmeat.net/projects/phpmyadmin/releases/306667 http://freshmeat.net/projects/phpmyadmin/releases/306669 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=oss-security&m=125553728512853& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 69EXPL: 0

SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters. Vulnerabilidad de inyección SQL en la funcionalidad generador de esquema PDF en phpMyAdmin v2.11.x anterior a v2.11.9.6 y v3.x anterior a v3.2.2.1 permite a atacantes remotos ejecutar comandos SQL a su elección a través de parámetros de la interfaz no especificados. • http://bugs.gentoo.org/show_bug.cgi?id=288899 http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/2.11.9.6/phpMyAdmin-2.11.9.6-notes.html http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.2.2.1/phpMyAdmin-3.2.2.1-notes.html http://freshmeat.net/projects/phpmyadmin/releases/306667 http://freshmeat.net/projects/phpmyadmin/releases/306669 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=oss-security&m=125553728512853& • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 177EXPL: 0

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin anterior a v3.2.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de un favorito con una sentencia SQL manipulada. • http://secunia.com/advisories/35649 http://secunia.com/advisories/35715 http://www.mandriva.com/security/advisories?name=MDVSA-2009:192 http://www.phpmyadmin.net/home_page/security/PMASA-2009-5.php https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00150.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00152.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00256.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0

CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters. Vulnerabilidad de inyección CRLF en el archivo bs_disp_as_mime_type.php en la característica BLOB streaming en phpMyAdmin anteriores a v3.1.3.1 permite a los atacantes remotos inyectar arbitrariamente cabeceras HTTP y llevar a cabo ataques de separación de respuesta HTTP a través de los parámetros (1) c_type y posiblemente (2) file_type • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303 http://secunia.com/advisories/34468 http://secunia.com/advisories/34642 http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 41EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados - XSS - en la página de exportación (display_export.lib.php) en phpMyAdmin v2.11.x anteriores a v2.11.9.5 y v3.x anteriores a v3.1.3.1, permite a los atacantes remotos inyectar una secuencia de comandos web o HTML a través de la cookie pma_db_filename_template. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986&r2=12302&pathrev=12302 http://secunia.com/advisories/34430 http://secunia.com/advisories/34642 http://secunia.com/advisories/35585 http://secunia.com/advisories/35635 http://security.gentoo.org/glsa/glsa-200906-03.xml http://www.debian.org/security/2009/dsa-1824 http://www.mandriva.com/security/advisori • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •