
Found 129 results in 113ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-1000015 medium 6.1 6.1 FIX debian debian phpmyadmin 9y ago phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters
CVE-2017-1000013 medium 6.1 6.1 FIX debian debian phpmyadmin 9y ago phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness
CVE-2016-9860 medium 5.9 5.9 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4…
CVE-2016-9859 medium 5.3 5.3 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versi…
CVE-2016-9858 medium 5.3 5.3 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4…
CVE-2016-9857 medium 6.1 6.1 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to …
CVE-2016-9856 medium 6.1 6.1 FIX debian debian phpmyadmin 10y ago An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions…
CVE-2016-9855 medium 5.3 5.3 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the…
CVE-2016-9854 medium 5.3 5.3 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the…
CVE-2016-9853 medium 5.3 5.3 FIX debian debian phpmyadmin 10y ago phpMyAdmin path disclosure
CVE-2016-9852 medium 5.3 5.3 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the…
CVE-2016-9851 medium 5.3 5.3 FIX debian debian phpmyadmin 10y ago phpMyAdmin Bypass logout timeout
CVE-2016-9850 medium 5.3 5.3 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x v…
CVE-2016-9848 medium 5.3 5.3 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4…
CVE-2016-9847 medium 5.3 5.3 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way thi…
CVE-2016-6632 medium 5.9 5.9 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (…
CVE-2016-6630 medium 6.5 6.5 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to …
CVE-2016-6628 medium 6.3 6.3 FIX debian debian phpmyadmin 10y ago phpMyAdmin Reflected File Download attack
CVE-2016-6627 medium 5.3 5.3 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.…
CVE-2016-6626 medium 5.4 5.4 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to…
CVE-2016-6625 medium 4.3 4.3 FIX debian debian phpmyadmin 10y ago phpMyAdmin allows to detect if user is logged in
CVE-2016-6624 medium 5.9 5.9 FIX debian debian phpmyadmin 10y ago phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention
CVE-2016-6623 medium 6.5 6.5 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions…
CVE-2016-6622 medium 5.9 5.9 FIX debian debian phpmyadmin 10y ago phpMyAdmin DoS Vulnerability
CVE-2016-6618 medium 6.5 6.5 FIX debian debian phpmyadmin 10y ago phpMyAdmin Denial of service (DOS) attack in transformation feature
CVE-2016-6615 medium 6.1 6.1 FIX debian debian phpmyadmin 10y ago XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" featu…
CVE-2016-6614 medium 6.8 6.8 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user…
CVE-2016-6613 medium 5.3 5.3 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user…
CVE-2016-6612 medium 6.5 6.5 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions…
CVE-2016-6610 medium 4.3 4.3 FIX debian debian phpmyadmin 10y ago A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x ve…
CVE-2016-6608 medium 6.1 6.1 FIX debian debian phpmyadmin 10y ago XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x…
CVE-2016-6607 medium 6.1 6.1 FIX debian debian phpmyadmin 10y ago XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are …
CVE-2016-4412 medium 4.4 4.4 FIX debian debian phpmyadmin 10y ago An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the u…
CVE-2016-5099 medium 6.1 6.1 FIX suse suse debian debian phpmyadmin 10y ago Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mish…
CVE-2016-5098 medium 5.3 5.3 FIX suse suse debian debian phpmyadmin 10y ago Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.
CVE-2016-5097 medium 5.3 5.3 FIX suse suse debian debian phpmyadmin 10y ago phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by readin…
CVE-2016-5733 medium 6.1 6.1 FIX suse suse debian debian phpmyadmin 10y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML v…
CVE-2016-5732 medium 6.1 6.1 FIX debian debian phpmyadmin 10y ago Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before …
CVE-2016-5731 medium 6.1 6.1 FIX suse suse debian debian phpmyadmin 10y ago phpMyAdmin Cross-site scripting (XSS) vulnerability
CVE-2016-5730 medium 5.3 5.3 FIX suse suse debian debian phpmyadmin 10y ago phpMyAdmin full path disclosure vulnerability
CVE-2016-5705 medium 6.1 6.1 FIX suse suse debian debian phpmyadmin 10y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) …
CVE-2016-5704 medium 6.1 6.1 FIX debian debian phpmyadmin 10y ago Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment.
CVE-2016-5702 low 3.7 3.7 FIX debian debian phpmyadmin 10y ago phpMyAdmin cookie-attribute injection
CVE-2016-5701 medium 6.1 6.1 FIX suse suse debian debian phpmyadmin 10y ago phpMyAdmin vulnerable to Cross-site Scripting
CVE-2016-2562 medium 6.8 6.8 FIX debian debian phpmyadmin 10y ago phpMyAdmin Improper Input Validation
CVE-2016-2561 medium 5.4 5.4 FIX debian debian phpmyadmin 10y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normal…
CVE-2016-2560 medium 6.1 6.1 FIX debian debian phpmyadmin 10y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML…
CVE-2016-2559 medium 5.4 5.4 FIX debian debian phpmyadmin 10y ago Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to i…
CVE-2016-2045 medium 5.4 5.4 FIX fedora fedora debian debian phpmyadmin 10y ago Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON…
CVE-2016-2044 medium 5.3 5.3 FIX fedora fedora debian debian phpmyadmin 10y ago libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an e…
CVE-2016-2043 medium 5.4 5.4 FIX suse suse fedora fedora debian debian phpmyadmin 10y ago Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject ar…
CVE-2016-2042 medium 5.3 5.3 FIX suse suse fedora fedora debian debian phpmyadmin 10y ago phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpsecl…
CVE-2016-2040 medium 5.4 5.4 FIX suse suse fedora fedora debian debian phpmyadmin 10y ago phpMyAdmin XSS Vulnerability
CVE-2016-2039 medium 5.3 5.3 FIX suse suse fedora fedora debian debian phpmyadmin 10y ago libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass int…
CVE-2016-2038 medium 5.3 5.3 FIX suse suse fedora fedora debian debian phpmyadmin 10y ago phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error…
CVE-2015-8669 medium 5.3 5.3 FIX debian debian phpmyadmin 11y ago libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, …
CVE-2015-7873 medium 5.0 FIX debian debian phpmyadmin 11y ago The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.
CVE-2015-6830 medium 6.0 EXP FIX debian debian phpmyadmin 11y ago phpMyAdmin ReCaptcha bypass
CVE-2015-3903 medium 4.3 FIX debian debian phpmyadmin 11y ago libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls ov…
CVE-2015-3902 medium 6.8 FIX debian debian phpmyadmin 11y ago Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remo…
CVE-2015-2206 medium 5.0 FIX fedora fedora debian debian phpmyadmin 11y ago libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a…
CVE-2011-3592 low 3.5 FIX debian debian phpmyadmin 12y ago Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script o…
CVE-2011-3591 low 3.5 FIX debian debian phpmyadmin 12y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an imprope…
CVE-2014-9219 medium 4.3 FIX debian debian phpmyadmin 12y ago Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2014-9218 medium 6.0 EXP FIX debian debian phpmyadmin 12y ago libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long p…
CVE-2014-8961 medium 4.0 FIX suse suse debian debian phpmyadmin 12y ago Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obt…
CVE-2014-8960 low 3.5 FIX debian debian phpmyadmin 12y ago Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users…
CVE-2014-8959 medium 6.5 FIX suse suse debian debian phpmyadmin 12y ago Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authentica…
CVE-2014-8958 medium 4.3 FIX debian debian phpmyadmin 12y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script…
CVE-2014-6300 medium 4.3 FIX suse suse debian debian phpmyadmin 12y ago Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arb…
CVE-2014-8326 low 3.5 FIX suse suse debian debian phpmyadmin 12y ago phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page
CVE-2014-7217 low 3.5 FIX debian debian phpmyadmin 12y ago phpMyAdmin cross-site scripting Vulnerability via ENUM value
CVE-2014-5274 low 3.5 FIX suse suse debian debian phpmyadmin 12y ago phpMyAdmin cross-site scripting vulnerability in crafted view name
CVE-2014-5273 low 3.5 FIX debian debian phpmyadmin 12y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web scrip…
CVE-2014-4987 medium 4.0 FIX suse suse debian debian phpmyadmin 12y ago server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers…
CVE-2014-4986 low 3.5 FIX debian debian phpmyadmin 12y ago phpMyAdmin cross-site scripting Vulnerability in Table or Column Names
CVE-2014-4955 low 3.5 FIX debian debian phpmyadmin 12y ago Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 all…
CVE-2014-4954 low 3.5 FIX debian debian phpmyadmin 12y ago Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrar…
CVE-2014-4349 low 3.5 FIX debian debian phpmyadmin 12y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ta…
CVE-2014-4348 low 3.5 FIX debian debian phpmyadmin 12y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) tab…
CVE-2014-1879 low 3.5 FIX debian debian phpmyadmin 13y ago Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.
CVE-2013-5029 medium 4.3 FIX suse suse debian debian phpmyadmin 13y ago phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.
CVE-2013-5003 medium 6.5 FIX debian debian phpmyadmin 13y ago Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pm…
CVE-2013-5002 low 3.5 FIX debian debian phpmyadmin 13y ago phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value
CVE-2013-5001 low 3.5 FIX debian debian phpmyadmin 13y ago Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to …
CVE-2013-5000 medium 5.0 FIX debian debian phpmyadmin 13y ago phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php …
CVE-2013-4999 medium 5.0 FIX debian debian phpmyadmin 13y ago phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and…
CVE-2013-4998 medium 5.0 FIX debian debian phpmyadmin 13y ago phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, relat…
CVE-2013-4997 medium 4.3 FIX debian debian phpmyadmin 13y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an…
CVE-2013-4996 medium 4.3 FIX debian debian phpmyadmin 13y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1)…
CVE-2013-4995 low 3.5 FIX debian debian phpmyadmin 13y ago Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query t…
CVE-2013-4729 medium 5.5 FIX debian debian phpmyadmin 13y ago phpMyAdmin Global variables scope injection vulnerability
CVE-2013-3742 low 3.5 FIX debian debian phpmyadmin 13y ago Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an i…
CVE-2013-3241 medium 5.0 EXP FIX debian debian phpmyadmin 13y ago export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users t…
CVE-2013-3240 medium 7.5 EXP FIX debian debian phpmyadmin 13y ago Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a pa…
CVE-2013-3239 medium 5.6 EXP FIX debian debian phpmyadmin 13y ago phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename…
CVE-2013-3238 medium 7.0 EXP FIX debian debian phpmyadmin 13y ago phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace fu…
CVE-2013-1937 medium 6.1 7.1 EXP FIX debian debian phpmyadmin 13y ago Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visua…
CVE-2012-5368 medium 4.3 FIX debian debian phpmyadmin 14y ago phpMyAdmin Unsafe Fetching of Javascript Code
CVE-2012-5339 low 3.5 FIX debian debian phpmyadmin 14y ago phpMyAdmin multiple cross-site scripting vulnerabilities