CVE-2008-4775 – phpMyAdmin 3.0.1 - 'pmd_pdf.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-4775
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en pmd_pdf.php en phpMyAdmin v3.0.0, y posiblemente otras versiones incluyendo v2.11.9.2 y v3.0.1, cuando register_globals está activo, permite a atacantes remotos inyectar web script o HTML a través del parámetro "db", un vector diferente a CVE-2006-6942 y CVE-2007-5977. • https://www.exploit-db.com/exploits/32531 http://secunia.com/advisories/32449 http://secunia.com/advisories/32482 http://security.gentoo.org/glsa/glsa-200903-32.xml http://securityreason.com/securityalert/4516 http://www.securityfocus.com/archive/1/497815/100/0/threaded http://www.securityfocus.com/bid/31928 http://www.vupen.com/english/advisories/2008/2943 https://exchange.xforce.ibmcloud.com/vulnerabilities/46136 https://www.redhat.com/archives/fedora-package-announce/2008-October • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-3032
https://notcve.org/view.php?id=CVE-2008-3032
Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensión phpMyAdmin (phpmyadmin) 3.0.1 y versiones anteriores para TYPO3 permite a atacantes remotos inyectar web script o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/30884 http://typo3.org/teams/security/security-bulletins/typo3-20080701-2 http://www.securityfocus.com/bid/30039 https://exchange.xforce.ibmcloud.com/vulnerabilities/43508 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-6100
https://notcve.org/view.php?id=CVE-2007-6100
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992. Vulnerabilidad de secuencias de comandos en sitios cruzados(XSS) en el fichero libraries/auth/cookie.auth.lib.php de phpMyAdmin, en versiones previas a la 2.11.2.2. Cuando los inicios de sesión son autenticados con la cookie auth_type, la vulnerabilidad permite que atacantes remotos inyecten, a su elección, códigos web o HTML en index.php a través del parámetro convcharset. Una vulnerabilidad distinta a CVE-2005-0992. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://secunia.com/advisories/27748 http://secunia.com/advisories/29323 http://www.nth-dimension.org.uk/pub/NDSA20071119.txt.asc http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-8 http://www.securityfocus.com/bid/26513 http://www.vupen.com/english/advisories/2007/3943 https://exchange.xforce.ibmcloud.com/vulnerabilities/38601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •