Show filters
7 Total Results
Displaying 1-7 of 7
Sort by:
Attacker Value
Unknown

CVE-2008-7251

Disclosure Date: January 19, 2010 (last updated October 04, 2023)
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.
0
0
Attacker Value
Unknown

CVE-2008-7252

Disclosure Date: January 19, 2010 (last updated October 04, 2023)
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.
0
0
Attacker Value
Unknown

CVE-2009-2284

Disclosure Date: July 01, 2009 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.
0
0
Attacker Value
Unknown

CVE-2008-4326

Disclosure Date: September 30, 2008 (last updated October 04, 2023)
The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.
0
0
Attacker Value
Unknown

CVE-2008-4096

Disclosure Date: September 18, 2008 (last updated October 04, 2023)
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.
0
0
Attacker Value
Unknown

CVE-2008-3197

Disclosure Date: July 16, 2008 (last updated October 04, 2023)
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.
0
0
Attacker Value
Unknown

CVE-2008-2960

Disclosure Date: July 02, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/.
0
0