libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.

scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.

Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.

SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.

Multiple cross-site scripting (XSS) vulnerabilities in index.php in VerliAdmin 0.3.7 and 0.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the URI, (2) the q parameter, (3) the nick parameter, or (4) the nick parameter in a bantest action.

Directory traversal vulnerability in system/download.php in Admin News Tools 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the fichier parameter.

system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote attackers to post news messages via a direct request.

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.