CVE-2010-3263
https://notcve.org/view.php?id=CVE-2010-3263
Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name.
http://secunia.com/advisories/41210
http://www.mandriva.com/security/advisories?name=MDVSA-2010:186
http://www.phpmyadmin.net/home_page/security/PMASA-2010-7.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/61675
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2958
https://notcve.org/view.php?id=CVE-2010-2958
Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056.
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=133a77fac7d31a38703db2099a90c1b49de62e37
http://secunia.com/advisories/41206
http://www.openwall.com/lists/oss-security/2010/09/01/2
http://www.openwall.com/lists/oss-security/2010/09/01/3
http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php
http://www.vupen.com/english/advisories/2010/2242
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-3056
https://notcve.org/view.php?id=CVE-2010-3056
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045991.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045997.html
http://secunia.com/advisories/41000
http://secunia.com/advisories/41185
http://www.debian.org/security/2010/dsa-2097
http://www.mandriva.com/security/advisories?name=MDVSA-2010:163
http://www.mandriva.com/security/advisories?name=MDVSA-2010:164
http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php
http://www.securityfocus&
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3696
https://notcve.org/view.php?id=CVE-2009-3696
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.
http://bugs.gentoo.org/show_bug.cgi?id=288899
http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/2.11.9.6/phpMyAdmin-2.11.9.6-notes.html
http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.2.2.1/phpMyAdmin-3.2.2.1-notes.html
http://freshmeat.net/projects/phpmyadmin/releases/306667
http://freshmeat.net/projects/phpmyadmin/releases/306669
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://marc.info/?l=oss-security&m=125553728512853&
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3697
https://notcve.org/view.php?id=CVE-2009-3697
SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.
http://bugs.gentoo.org/show_bug.cgi?id=288899
http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/2.11.9.6/phpMyAdmin-2.11.9.6-notes.html
http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.2.2.1/phpMyAdmin-3.2.2.1-notes.html
http://freshmeat.net/projects/phpmyadmin/releases/306667
http://freshmeat.net/projects/phpmyadmin/releases/306669
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://marc.info/?l=oss-security&m=125553728512853&
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')