
CVE-2005-4079
https://notcve.org/view.php?id=CVE-2005-4079
08 Dec 2005 — The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables. • http://secunia.com/advisories/17925 •

CVE-2005-3787
https://notcve.org/view.php?id=CVE-2005-3787
24 Nov 2005 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog. • http://secunia.com/advisories/17578 •

CVE-2005-3622
https://notcve.org/view.php?id=CVE-2005-3622
16 Nov 2005 — phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory. phpMyAdmin 2.7.0-beta1 y anteriores permiten a atacantes remotos obtener la ruta completa del servidor mediante peticiones directas a varios scripts en el directorio de bibliotecas. • http://marc.info/?l=bugtraq&m=113208319104035&w=2 •

CVE-2005-3621 – Debian Linux Security Advisory 1207-1
https://notcve.org/view.php?id=CVE-2005-3621
16 Nov 2005 — CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts. Vulnerabilidad de inyección de CRLF en phpMyAdmin anteriores a 2.6.4-pl4 permite a atacantes remotos conducir ataques de separación de respuesta HTTP mediante scripts no especificados. Several remote vulnerabilities have been discovered in phpMyAdmin that allow for everything from CRLF injection to cross site scripting. • http://secunia.com/advisories/17578 •

CVE-2005-3301 – phpMyAdmin 2.x - 'queryframe.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3301
24 Oct 2005 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php. Several cross-site scripting vulnerabilities have been discovered in phpmyadmin, a set of PHP-scripts to administrate MySQL over the WWW. • https://www.exploit-db.com/exploits/26392 •

CVE-2005-3299 – phpMyAdmin 2.6.4-pl1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2005-3299
23 Oct 2005 — PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array. • https://www.exploit-db.com/exploits/1244 •

CVE-2005-3300 – Debian Linux Security Advisory 880-1
https://notcve.org/view.php?id=CVE-2005-3300
23 Oct 2005 — The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme. Several cross-site scripting vulnerabilities have been discovered in phpmyadmin, a set of PHP-scripts to administrate MySQL over the WWW. • http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0478. •

CVE-2005-2869 – phpMyAdmin 2.x - 'error.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-2869
08 Sep 2005 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php. Several cross-site scripting vulnerabilities have been discovered in phpmyadmin, a set of PHP-scripts to administrate MySQL over the WWW. • https://www.exploit-db.com/exploits/26199 •

CVE-2005-1392
https://notcve.org/view.php?id=CVE-2005-1392
02 May 2005 — The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script. • http://bugs.gentoo.org/show_bug.cgi?id=88831 •

CVE-2005-0992 – phpMyAdmin 2.x - Convcharset Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-0992
07 Apr 2005 — Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter. • https://www.exploit-db.com/exploits/25330 •