Show filters
273 Total Results
Displaying 191-200 of 273
Sort by:
Attacker Value
Unknown
CVE-2010-4480
Disclosure Date: December 08, 2010 (last updated October 04, 2023)
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".
0
Attacker Value
Unknown
CVE-2010-4329
Disclosure Date: December 02, 2010 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.
0
Attacker Value
Unknown
CVE-2010-3263
Disclosure Date: September 10, 2010 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name.
0
Attacker Value
Unknown
CVE-2010-2958
Disclosure Date: September 08, 2010 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056.
0
Attacker Value
Unknown
CVE-2010-3055
Disclosure Date: August 24, 2010 (last updated October 04, 2023)
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.
0
Attacker Value
Unknown
CVE-2010-3056
Disclosure Date: August 24, 2010 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.
0
Attacker Value
Unknown
CVE-2008-7251
Disclosure Date: January 19, 2010 (last updated October 04, 2023)
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.
0
Attacker Value
Unknown
CVE-2009-4605
Disclosure Date: January 19, 2010 (last updated October 04, 2023)
scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
0
Attacker Value
Unknown
CVE-2008-7252
Disclosure Date: January 19, 2010 (last updated October 04, 2023)
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.
0
Attacker Value
Unknown
CVE-2009-3697
Disclosure Date: October 16, 2009 (last updated October 04, 2023)
SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.
0
