VYPR

phpMyAdmin

by PhpMyAdmin

Source repositories

CVEs (257)

  • CVE-2007-2016Apr 12, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.

  • CVE-2007-1395Mar 10, 2007
    risk 0.00cvss epss 0.01

    Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase end tag,…

  • CVE-2007-1325Mar 7, 2007
    risk 0.00cvss epss 0.02

    The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE:…

  • CVE-2006-6944Jan 19, 2007
    risk 0.00cvss epss 0.01

    phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.

  • CVE-2007-0341Jan 18, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a…

  • CVE-2007-0204Jan 11, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.

  • CVE-2007-0203Jan 11, 2007
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.

  • CVE-2007-0095Jan 5, 2007
    risk 0.00cvss epss 0.02

    phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.

  • CVE-2006-6373Dec 7, 2006
    risk 0.00cvss epss 0.01

    PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message.

  • CVE-2006-6374Dec 7, 2006
    risk 0.00cvss epss 0.01

    Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4)…

  • CVE-2006-5718Nov 4, 2006
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7…

  • CVE-2006-5116Oct 3, 2006
    risk 0.00cvss epss 0.02

    Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables…

  • CVE-2006-5117Oct 3, 2006
    risk 0.00cvss epss 0.01

    phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files.

  • CVE-2006-3388Jul 6, 2006
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.

  • CVE-2006-2418May 16, 2006
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts.

  • CVE-2006-2417May 16, 2006
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031.

  • CVE-2006-2031Apr 26, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

  • CVE-2006-1804Apr 18, 2006
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter.

  • CVE-2006-1678Apr 11, 2006
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.

  • CVE-2005-4450Dec 21, 2005
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of…

Page 12 of 13