Search

Found 136 results in 151ms · Match type: Filtered list

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2013-3241	medium	—	5.0	EXPFIX	debian	phpmyadmin	13y ago	export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users t…
CVE-2013-3240	medium	—	7.5	EXPFIX	debian	phpmyadmin	13y ago	Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a pa…
CVE-2013-3239	medium	—	5.6	EXPFIX	debian	phpmyadmin	13y ago	phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename…
CVE-2013-3238	medium	—	7.0	EXPFIX	debian	phpmyadmin	13y ago	phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace fu…
CVE-2013-1937	medium	6.1	7.1	EXPFIX	debian	phpmyadmin	13y ago	Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visua…
CVE-2012-5368	medium	—	4.3	FIX	debian	phpmyadmin	14y ago	phpMyAdmin Unsafe Fetching of Javascript Code
CVE-2012-5339	low	—	3.5	FIX	debian	phpmyadmin	14y ago	phpMyAdmin multiple cross-site scripting vulnerabilities
CVE-2012-4579	low	—	3.5	FIX	debian	phpmyadmin	14y ago	phpMyAdmin Multiple XSS Vulnerabilities
CVE-2012-4345	low	—	3.5	FIX	debian	phpmyadmin	14y ago	phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page
CVE-2012-4219	medium	—	5.0	FIX	debian	phpmyadmin	14y ago	show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, relate…
CVE-2012-1190	medium	—	4.3	FIX	debian	phpmyadmin	14y ago	Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web …
CVE-2012-1902	medium	—	4.3	FIX	debian	phpmyadmin	14y ago	show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the i…
CVE-2011-1941	medium	—	4.3	FIX	debian	phpmyadmin	15y ago	phpMyAdmin Open Redirect in redirector
CVE-2011-1940	medium	—	4.3	FIX	debian	phpmyadmin	15y ago	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name t…
CVE-2011-4782	medium	—	4.3	FIX	debian	phpmyadmin	15y ago	Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTM…
CVE-2011-4780	medium	—	4.3	FIX	debian	phpmyadmin	15y ago	Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL …
CVE-2011-4634	medium	—	4.3	FIX	debian	phpmyadmin	15y ago	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Data…
CVE-2011-4107	medium	6.5	7.5	EXPFIX	fedora debian	phpmyadmin	15y ago	phpMyAdmin vulnerable to XML external entity (XXE) injection attack
CVE-2011-3646	medium	—	5.0	FIX	debian	phpmyadmin	15y ago	phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation…
CVE-2011-4064	medium	—	4.3	FIX	debian	phpmyadmin	15y ago	Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value.
CVE-2011-3181	medium	—	4.3	FIX	debian	phpmyadmin	15y ago	Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML vi…
CVE-2011-2719	medium	—	6.4	FIX	debian	phpmyadmin	15y ago	libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attac…
CVE-2011-2718	medium	—	6.0	FIX	debian	phpmyadmin	15y ago	phpMyAdmin Directory Traversal Vulnerability
CVE-2011-2643	medium	—	6.8	FIX	debian	phpmyadmin	15y ago	Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via direct…
CVE-2011-2642	low	—	2.6	FIX	debian	phpmyadmin	15y ago	Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users…
CVE-2011-2508	medium	—	6.0	FIX	debian	phpmyadmin	15y ago	phpMyAdmin Directory Traversal vulnerability
CVE-2011-2507	medium	—	6.5	FIX	debian	phpmyadmin	15y ago	libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote auth…
CVE-2011-2505	medium	—	7.4	EXPFIX	debian	phpmyadmin	15y ago	phpMyAdmin remote variable manipulation
CVE-2011-0987	medium	—	6.5	FIX	debian	phpmyadmin	16y ago	The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for rem…
CVE-2011-0986	medium	—	5.0	FIX	debian	phpmyadmin	16y ago	phpMyAdmin allows remote attackers to obtain installation path via direct request for nonexistent file
CVE-2010-4481	medium	—	5.0	FIX	debian	phpmyadmin	16y ago	phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.
CVE-2010-4480	medium	—	5.3	EXPFIX	debian	phpmyadmin	16y ago	error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as de…
CVE-2010-4329	medium	—	4.3	FIX	debian	phpmyadmin	16y ago	Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 a…
CVE-2010-3263	medium	—	4.3	FIX	debian	phpmyadmin	16y ago	Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server n…
CVE-2010-2958	medium	—	4.3	FIX	debian	phpmyadmin	16y ago	Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtr…
CVE-2010-3056	medium	—	4.3	FIX	debian	phpmyadmin	16y ago	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (…