6017 matches found

Tenable Nessus
added 2005/08/01 12:0 a.m. | 32 views

FreeBSD : phpmyadmin -- XSS vulnerability (58247a96-01c8-11da-bc08-0001020eed82)

A phpMyAdmin security announcement reports : The convcharset parameter was not correctly validated, opening the door to a XSS attack. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database :...

CVSS 4.3 | AI score 5.2 | EPSS 0.10163
Exploits 1 | References 4
Tenable Nessus
added 2005/07/13 12:0 a.m. | 15 views

FreeBSD : phpMyAdmin -- XSS vulnerabilities (6a33477e-3a9c-11d9-84ad-000c6e8f12ef)

Multiple cross-site scripting vulnerabilities, caused by improper input parameter sanitizing, were detected in phpMyAdmin, which may enable an attacker to do cross-site scripting attacks. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

AI score 5
Exploits 0 | References 2
Tenable Nessus
added 2005/07/13 12:0 a.m. | 11 views

FreeBSD : phpMyAdmin (1691)

The following package needs to be updated: phpMyAdmin (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-2006 Jacques Vidrine and contributors Redistribution and use in source VuXML and 'compiled' forms SGML, HTML, PDF,...

AI score 7
Exploits 0 | References 1
Tenable Nessus
added 2005/07/13 12:0 a.m. | 17 views

FreeBSD : phpmyadmin -- information disclosure vulnerability (a7062952-9023-11d9-a22c-0001020eed82)

A phpMyAdmin security announcement reports : By calling some scripts that are part of phpMyAdmin in an unexpected way especially scripts in the libraries subdirectory, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmi...

CVSS 5 | AI score 5.5 | EPSS 0.00501
Exploits 0 | References 3
Tenable Nessus
added 2005/07/13 12:0 a.m. | 26 views

FreeBSD : phpmyadmin -- increased privilege vulnerability (6192ae3d-9595-11d9-a9e0-0001020eed82)

The phpMyAdmin team reports : Escaping of the '_' character was not properly done, giving a wildcard privilege when editing db-specific privileges with phpMyAdmin. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...

CVSS 4.6 | AI score 5.3 | EPSS 0.00156
Exploits 0 | References 4
Tenable Nessus
added 2005/07/13 12:0 a.m. | 24 views

FreeBSD : phpmyadmin -- arbitrary file include and XSS vulnerabilities (882ef43b-901f-11d9-a22c-0001020eed82)

A phpMyAdmin security announcement reports : We received two bug reports by Maksymilian Arciemowicz about those vulnerabilities and we wish to thank him for his work. The vulnerabilities apply to those points : - css/phpmyadmin.css.php was vulnerable against $cfg and GLOBALS variable injections...

CVSS 7.5 | AI score 5.7 | EPSS 0.02795
Exploits 1 | References 5
Tenable Nessus
added 2005/07/13 12:0 a.m. | 22 views

FreeBSD : phpmyadmin -- file disclosure vulnerability (9f0a405e-4edd-11d9-a9e7-0001020eed82)

A phpMyAdmin security announcement reports : File disclosure: on systems where the UploadDir mechanism is active, readdump.php can be called with a crafted form; using the fact that the sqllocalfile variable is not sanitized can lead to a file disclosure. Enabling PHP safe mode on the server can b...

CVSS 5 | AI score 5.5 | EPSS 0.00391
Exploits 0 | References 4
Tenable Nessus
added 2005/07/13 12:0 a.m. | 27 views

FreeBSD : phpmyadmin -- command execution vulnerability (0ff0e9a6-4ee0-11d9-a9e7-0001020eed82)

A phpMyAdmin security announcement reports : Command execution: since phpMyAdmin 2.6.0-pl2, on a system where external MIME-based transformations are activated, an attacker can put into MySQL data an offensive value that starts a shell command when browsed. Enabling PHP safe mode on the server ca...

CVSS 10 | AI score 5.5 | EPSS 0.04568
Exploits 0 | References 4
exploitpack
added 2005/05/20 12:0 a.m. | 10 views

phpMyAdmin 2.x - queryframe.php Cross-Site Scripting

phpMyAdmin 2.x - queryframe.php Cross-Site Scripting source: https://www.securityfocus.com/bid/15196/info phpMyAdmin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage...

AI score 6.8
Exploits 0
exploitpack
added 2005/05/20 12:0 a.m. | 13 views

phpMyAdmin 2.x - server_databases.php Cross-Site Scripting

phpMyAdmin 2.x - server_databases.php Cross-Site Scripting source: https://www.securityfocus.com/bid/15196/info phpMyAdmin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...

AI score 6.8
Exploits 0
Exploit DB
added 2005/05/20 12:0 a.m. | 29 views

phpMyAdmin 2.x - 'queryframe.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15196/info phpMyAdmin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...

AI score 7.4
Exploits 0
Exploit DB
added 2005/05/20 12:0 a.m. | 24 views

phpMyAdmin 2.x - 'server_databases.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15196/info phpMyAdmin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...

AI score 7.4
Exploits 0
NVD
added 2005/05/03 4:0 a.m. | 19 views

CVE-2005-1392

The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script...

CVSS 4.6 | AI score 6.6 | EPSS 0.00051
Exploits 0 | References 4
UbuntuCve
added 2005/05/03 4:0 a.m. | 21 views

CVE-2005-1392

The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script...

CVSS 4.6 | AI score 5.9 | EPSS 0.00051
Exploits 0 | References 1
OSV
added 2005/05/02 4:0 a.m. | 1 views

DEBIAN-CVE-2005-0992

Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter...

CVSS 4.3 | AI score 5.7 | EPSS 0.10163
Exploits 1 | References 1
OSV
added 2005/05/02 4:0 a.m. | 6 views

CVE-2005-0567

Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfgServerextension parameter to databaseinterface.lib.php to reference a URL on a remote web server that contai...

AI score 7.5
Exploits 0 | References 7
OSV
added 2005/05/02 4:0 a.m. | 2 views

DEBIAN-CVE-2005-0653

phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended...

CVSS 4.6 | AI score 6.5 | EPSS 0.00156
Exploits 0 | References 1
OSV
added 2005/05/02 4:0 a.m. | 3 views

DEBIAN-CVE-2005-0544

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) selecttheme.lib.php, (4) selectlang.lib.php, (5) relationcleanup.lib.php, (6) headermetastyle.inc.php, (7) getforeign.lib.php, (8) displaytbllinks.lib.php, (9)...

CVSS 5 | AI score 7 | EPSS 0.00501
Exploits 0 | References 1
NVD
added 2005/05/02 4:0 a.m. | 21 views

CVE-2005-0992

Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter...

CVSS 4.3 | AI score 5.4 | EPSS 0.10163
Exploits 1 | References 7
NVD
added 2005/05/02 4:0 a.m. | 15 views

CVE-2005-0567

Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfgServerextension parameter to databaseinterface.lib.php to reference a URL on a remote web server that contai...

CVSS 7.5 | AI score 7.5 | EPSS 0.01218
Exploits 0 | References 6