CVSS: 10.0EPSS: 1%CPEs: 45EXPL: 0CVE-2008-7251
https://notcve.org/view.php?id=CVE-2008-7251
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. libraries/File.class.php en phpMyAdmin v2.11.x anterior a v2.11.10 crea un directorio temporal con permisos 0777, lo que tiene un impacto y vectores de ataque desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/File.class.php?r1=11536&r2=11535&pathrev=11536 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536 http://secunia.com/advisories/38211 http://secunia.com/advisories/39503 http://www.debian.org/security/2010/dsa-2034 http://www.phpmyadmin.net/home_page/security/PMASA-2010-1.php http://www.securityfocu • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 45EXPL: 0CVE-2008-7252
https://notcve.org/view.php?id=CVE-2008-7252
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. libraries/File.class.php en phpMyAdmin v2.11.x anterior a v2.11.10 utiliza nombres de ficheros previsibles para los ficheros temporales, lo que tiene un impacto y vectores de ataque desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/File.class.php?r1=11528&r2=11527&pathrev=11528 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528 http://secunia.com/advisories/38211 http://secunia.com/advisories/39503 http://www.debian.org/security/2010/dsa-2034 http://www.phpmyadmin.net/home_page/security/PMASA-2010-2.php http://www.securityfocu • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 23EXPL: 0CVE-2009-4605
https://notcve.org/view.php?id=CVE-2009-4605
scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. scripts/setup.php (también conocido como secuencias de comandos de instalación) en phpMyAdmin v2.11.x anterior a v2.11.10 llama a la función unserialize en los valores de la (1) configuración y (2) v[0] parámetros, lo que podría permitir a atacantes remotos dirigir ataques de falsificación de petición en sitios cruzados (CSRF) a través de vectores sin especificar. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/scripts/setup.php?r1=13149&r2=13148&pathrev=13149 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149 http://secunia.com/advisories/38211 http://secunia.com/advisories/39503 http://www.debian.org/security/2010/dsa-2034 http://www.phpmyadmin.net/home_page/security/PMASA-2010-3.php http://www.vupen.com/engl •
CVSS: 4.3EPSS: 0%CPEs: 69EXPL: 0CVE-2009-3696
https://notcve.org/view.php?id=CVE-2009-3696
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table. Vulnerabilidad de Ejecución de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin v2.11.x anterior a v2.11.9.6 y v3.x anterior a v3.2.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un nombre de tabla MySQL manipulado. • http://bugs.gentoo.org/show_bug.cgi?id=288899 http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/2.11.9.6/phpMyAdmin-2.11.9.6-notes.html http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.2.2.1/phpMyAdmin-3.2.2.1-notes.html http://freshmeat.net/projects/phpmyadmin/releases/306667 http://freshmeat.net/projects/phpmyadmin/releases/306669 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=oss-security&m=125553728512853& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 69EXPL: 0CVE-2009-3697
https://notcve.org/view.php?id=CVE-2009-3697
SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters. Vulnerabilidad de inyección SQL en la funcionalidad generador de esquema PDF en phpMyAdmin v2.11.x anterior a v2.11.9.6 y v3.x anterior a v3.2.2.1 permite a atacantes remotos ejecutar comandos SQL a su elección a través de parámetros de la interfaz no especificados. • http://bugs.gentoo.org/show_bug.cgi?id=288899 http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/2.11.9.6/phpMyAdmin-2.11.9.6-notes.html http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.2.2.1/phpMyAdmin-3.2.2.1-notes.html http://freshmeat.net/projects/phpmyadmin/releases/306667 http://freshmeat.net/projects/phpmyadmin/releases/306669 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=oss-security&m=125553728512853& • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •