Page 7 of 84 results (0.005 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

08 Dec 2005 — The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables. • http://secunia.com/advisories/17925 •

CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0

24 Nov 2005 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog. • http://secunia.com/advisories/17578 •

CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0

16 Nov 2005 — phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory. phpMyAdmin 2.7.0-beta1 y anteriores permiten a atacantes remotos obtener la ruta completa del servidor mediante peticiones directas a varios scripts en el directorio de bibliotecas. • http://marc.info/?l=bugtraq&m=113208319104035&w=2 •

CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0

16 Nov 2005 — CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts. Vulnerabilidad de inyección de CRLF en phpMyAdmin anteriores a 2.6.4-pl4 permite a atacantes remotos conducir ataques de separación de respuesta HTTP mediante scripts no especificados. Several remote vulnerabilities have been discovered in phpMyAdmin that allow for everything from CRLF injection to cross site scripting. • http://secunia.com/advisories/17578 •

CVSS: 6.1EPSS: 7%CPEs: 4EXPL: 2

24 Oct 2005 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php. Several cross-site scripting vulnerabilities have been discovered in phpmyadmin, a set of PHP-scripts to administrate MySQL over the WWW. • https://www.exploit-db.com/exploits/26392 •

CVSS: 9.8EPSS: 8%CPEs: 2EXPL: 3

23 Oct 2005 — PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array. • https://www.exploit-db.com/exploits/1244 •

CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0

23 Oct 2005 — The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme. Several cross-site scripting vulnerabilities have been discovered in phpmyadmin, a set of PHP-scripts to administrate MySQL over the WWW. • http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0478. •

CVSS: 6.1EPSS: 12%CPEs: 46EXPL: 3

08 Sep 2005 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php. Several cross-site scripting vulnerabilities have been discovered in phpmyadmin, a set of PHP-scripts to administrate MySQL over the WWW. • https://www.exploit-db.com/exploits/26199 •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

02 May 2005 — The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script. • http://bugs.gentoo.org/show_bug.cgi?id=88831 •

CVSS: 6.1EPSS: 10%CPEs: 42EXPL: 2

07 Apr 2005 — Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter. • https://www.exploit-db.com/exploits/25330 •