22 matches found
CVE-2020-37116 GUnet OpenEclass 1.7.3 E-learning platform - phpMyAdmin Remote Access
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...
EUVD-2011-3148
Malware in sbrugna...
EUVD-2016-3635
Malware in sbrugna...
EUVD-2006-5101
Malware in sbrugna...
EUVD-2004-2623
Malware in sbrugna...
EUVD-2013-4840
Malware in sbrugna...
EUVD-2007-5946
Malware in sbrugna...
EUVD-2016-3146
Malware in sbrugna...
EUVD-2015-8546
Malware in sbrugna...
EUVD-2022-4913
Malicious code in bioql PyPI...
EUVD-2022-2582
Malicious code in bioql PyPI...
EUVD-2022-4830
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-6633
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with...
CVE-2016-5734
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...
CVE-2016-5704
Cross-site scripting XSS vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...
CVE-2016-2038
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...
CVE-2011-3646
phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed jsframe parameter to phpmyadmin.css.php, which reveals the installation path in an error message...
CVE-2010-3263
Cross-site scripting XSS vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name...
CVE-2010-3055
The configuration setup script aka scripts/setup.php in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request...
CVE-2008-4096
libraries/databaseinterface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with a sortby parameter containing PHP sequences, which are processed by createfunction...