SUSE CVE-2006-5718

Cross-site scripting XSS vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter...

SUSE CVE-2006-6373

PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message...

SUSE CVE-2006-6942

Multiple cross-site scripting XSS vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via 1 a comment for a table name, as exploited through a dboperations.php, 2 the db parameter to b dbcreate.php, 3 the newname parameter to dboperations.php...

SUSE CVE-2006-6944

phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers...

SUSE CVE-2007-0095

phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblueorange/layout.inc.php, which reveals the path in an error message...

SUSE CVE-2007-0203

Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors...

SUSE CVE-2007-0204

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information...

SUSE CVE-2007-1325

The PMAArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service web server crash via an array with many dimensions. NOTE: it could be argued tha...

SUSE CVE-2007-1395

Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting XSS attacks by injecting arbitrary JavaScript or HTML in a 1 db or 2 table parameter value followed by an uppercase end tag, which bypasses the protection...

SUSE CVE-2007-2245

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the fieldkey parameter to browseforeigners.php or 2 certain input to the PMAsanitize function...

SUSE CVE-2007-4306

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the 1 unlimnumrows, 2 sqlquery, or 3 pos parameter to a tblexport.php; the 4 sessionmaxrows or 5 pos parameter to b sql.php; the 6 username parameter to c...

SUSE CVE-2007-5386

Cross-site scripting XSS vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...

SUSE CVE-2007-5589

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in 1 PHPSELF in a serverstatus.php, and b grabglobals.lib.php, c displaychangepassword.lib.php, and d common.lib.php in...

SUSE CVE-2007-5977

Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...

SUSE CVE-2007-5976

SQL injection vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter...

SUSE CVE-2007-6100

Cross-site scripting XSS vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie authtype, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability...

SUSE CVE-2008-1149

phpMyAdmin before 2.11.5 accesses $REQUEST to obtain some parameters instead of $GET and $POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery CSRF attacks by using crafted cookies...

SUSE CVE-2008-1567

phpMyAdmin before 2.11.5.1 stores the MySQL 1 username and 2 password, and the 3 Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information...

SUSE CVE-2008-1924

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable...

SUSE CVE-2008-2960

Cross-site scripting XSS vulnerability in phpMyAdmin before 2.11.7, when registerglobals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/...