
CVSS: 4.3 | EPSS: 0% | CPEs: 11 | EXPL: 0

Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter. phpMyAdmin version 3.4.8 suffers from a cross site scripting vulnerability.
• http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html
• http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=0e707906e69ce90c4852a0fce2a0fac7db86a3cd
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:198
• http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php
• https://exchange.xforce.ibmcloud.com/vulnerabilities/71938
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 9% | CPEs: 6 | EXPL: 6

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. phpMyAdmin versions 3.3.x and 3.4.x suffer from a local file inclusion vulnerability via XXE injection. The attacker must be logged in to MySQL via phpMyAdmin.
• https://www.exploit-db.com/exploits/18371
• https://github.com/SECFORCE/CVE-2011-4107
• http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html
• http://osvdb.org/76798
• http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt
• http://seclists.org/fulldisclosure/2011/Nov/21
• http://secunia.com/adviso
• CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 4.3 | EPSS: 0% | CPEs: 8 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value.
• http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069234.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069235.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069237.html
• http://secunia.com/advisories/46874
• http://securitytracker.com/id?1026199
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:158
• http://www.phpmyadmin.net/home_page/security/PMASA-2011-16.php
• http://www.securityfocus.com/bid/50175
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 0% | CPEs: 8 | EXPL: 0

phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message.
• http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069234.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069235.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069237.html
• http://secunia.com/advisories/46874
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:158
• http://www.phpmyadmin.net/home_page/security/PMASA-2011-15.php
• CWE-20: Improper Input Validation

CVSS: 4.3 | EPSS: 0% | CPEs: 24 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name.
• http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065824.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065829.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065854.html
• http://secunia.com/advisories/45709
• http://secunia.com/advisories/45990
• http://www.debian.org/security/2012/dsa-2391
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:158
• http://www.phpmyadmin.net/home_page/security/PMASA-2011-13.php
• http:
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')