CVE-2006-6374
https://notcve.org/view.php?id=CVE-2006-6374
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files. Múltiples vulnerabilidades de inyección de CRLF en PhpMyAdmin 2.7.0-pl2 permite a atacantes remotos inyectar cabeceras HTML de su elección y conducir ataques de divisionamiento de respuestas HTTP mediante secuencias CRLF en una cookie phpMyAdmin en (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, y posiblemente otros ficheros. • http://securityreason.com/securityalert/1993 http://www.securityfocus.com/archive/1/453432/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/30703 •
CVE-2006-6373
https://notcve.org/view.php?id=CVE-2006-6373
PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message. PhpMyAdmin 2.7.0-pl2 permite a atacantes remotos la obtención de información sensible a traves de una petición directa a la librería libraries/common.lib.php, que muestra la ruta en un mensaje de error. • http://securityreason.com/securityalert/1993 http://www.securityfocus.com/archive/1/453432/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/30737 •
CVE-2006-5718
https://notcve.org/view.php?id=CVE-2006-5718
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. Vulnerabilidad de secuencias de comandos (XSS) en error.php en phpMyAdmin 2.6.4 hasta la 2.9.0.2 permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de codificaciones de caracteres UTF-7 or US-ASCII, lo cual son inyectados dentro de un mensaje de error, como se demostró por una respuesta con un el parámetro utf7 acompañado por datos UTF-7. • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html http://secunia.com/advisories/22599 http://secunia.com/advisories/23086 http://www.hardened-php.net/advisory_122006.137.html http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-6 http://www.securityfocus.com/archive/1/450397/100/0/threaded http://www.securityfocus.com/bid/20856 http://www.vupen.com/english/advisories/2006/4298 https://exchange.xforce.ibmcloud.com/vulnerabilities/29957 •
CVE-2006-3388
https://notcve.org/view.php?id=CVE-2006-3388
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin en versiones anteriores a 2.8.2, que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través del parámetro table. • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html http://secunia.com/advisories/20907 http://secunia.com/advisories/23086 http://securitynews.ir/advisories/phpmyadmin281.txt http://securityreason.com/securityalert/1194 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-4 http://www.securityfocus.com/archive/1/438870/100/0/threaded http://www.securityfocus.com/bid/18754 http://www.vupen.com/english/advisories/2006/2622 https://exchange.xforce.ibm •
CVE-2006-1804
https://notcve.org/view.php?id=CVE-2006-1804
SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. • http://secunia.com/advisories/19659 http://secunia.com/advisories/19897 http://www.novell.com/linux/security/advisories/2006_04_28.html http://www.securityfocus.com/archive/1/431013/100/0/threaded http://www.vupen.com/english/advisories/2006/1372 https://exchange.xforce.ibmcloud.com/vulnerabilities/25858 •