CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-0204
https://notcve.org/view.php?id=CVE-2007-0204
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin versiones anteriores a 2.9.2-rc1 permite a atacantes remotos inyectar scripts web o HTML de su elección mediante vectores no especificados. NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://osvdb.org/32667 http://secunia.com/advisories/23702 http://www.mandriva.com/security/advisories?name=MDKSA-2007:199 http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0 http://www.securityfocus.com/bid/21987 http://www.vupen.com/english/advisories/2007/0125 https://exchange.xforce.ibmcloud.com/vulnerabilities/31387 •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2006-5718
https://notcve.org/view.php?id=CVE-2006-5718
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. Vulnerabilidad de secuencias de comandos (XSS) en error.php en phpMyAdmin 2.6.4 hasta la 2.9.0.2 permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de codificaciones de caracteres UTF-7 or US-ASCII, lo cual son inyectados dentro de un mensaje de error, como se demostró por una respuesta con un el parámetro utf7 acompañado por datos UTF-7. • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html http://secunia.com/advisories/22599 http://secunia.com/advisories/23086 http://www.hardened-php.net/advisory_122006.137.html http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-6 http://www.securityfocus.com/archive/1/450397/100/0/threaded http://www.securityfocus.com/bid/20856 http://www.vupen.com/english/advisories/2006/4298 https://exchange.xforce.ibmcloud.com/vulnerabilities/29957 •
CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0CVE-2006-5117
https://notcve.org/view.php?id=CVE-2006-5117
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files. phpMyAdmin anterior a 2.9.1-rc1 tiene un directorio de librerias bajo la raíz de la documentación web con controles de acceso insuficientes, lo caul permiet a un atacante remoto obtener información sensible a través de repuesta directar para cierto archivos. • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.9.1-rc1.tar.gz?download http://secunia.com/advisories/22126 http://secunia.com/advisories/23086 http://www.securityfocus.com/bid/20253 •
CVSS: 5.1EPSS: 3%CPEs: 8EXPL: 0CVE-2006-5116
https://notcve.org/view.php?id=CVE-2006-5116
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en phpMyAdmin anteror a 2.9.1-rc1 rem realizar acciones no autorizadas como otro usuario (1) estableciendo directamente un testigo en el URL mediante evaluación dinámica de variable y (2) cambiar variables de su elección mediante el array _REQUEST, relacionado con (a) libraries/common.lib.php, (b) session.inc.php, y (3) url_generating.lib.php. NOTA: el vector de la función unset de PHP se trata en CVE-2006-3017. • http://attrition.org/pipermail/vim/2006-October/001067.html http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.9.1-rc1.tar.gz?download http://secunia.com/advisories/22126 http://secunia.com/advisories/22781 http://secunia.com/advisories/23086 http://securityreason.com/securityalert/1677 http://www.debian.org/security/2006/dsa-1207 http://www.hardened-php.net/advisory_072006.130.html http://www.phpmyadmi •
CVSS: 5.8EPSS: 0%CPEs: 55EXPL: 0CVE-2006-3388
https://notcve.org/view.php?id=CVE-2006-3388
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin en versiones anteriores a 2.8.2, que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través del parámetro table. • http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html http://secunia.com/advisories/20907 http://secunia.com/advisories/23086 http://securitynews.ir/advisories/phpmyadmin281.txt http://securityreason.com/securityalert/1194 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-4 http://www.securityfocus.com/archive/1/438870/100/0/threaded http://www.securityfocus.com/bid/18754 http://www.vupen.com/english/advisories/2006/2622 https://exchange.xforce.ibm •