2.11.0rc1

DATE	CVE	VULNERABILITY TITLE	RISK
2010-01-19	CVE-2008-7252	Cryptographic Issues vulnerability in PHPmyadmin libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. network low complexity phpmyadmin CWE-310 critical	10.0
2010-01-19	CVE-2008-7251	Permissions, Privileges, and Access Controls vulnerability in PHPmyadmin libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. network low complexity phpmyadmin CWE-264 critical	10.0
2009-07-01	CVE-2009-2284	Cross-Site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark. network phpmyadmin CWE-79	4.3
2008-09-30	CVE-2008-4326	Cross-Site Scripting vulnerability in PHPmyadmin The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence. network phpmyadmin microsoft CWE-79	4.3
2008-09-18	CVE-2008-4096	Improper Input Validation vulnerability in PHPmyadmin libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function. network phpmyadmin CWE-20	8.5
2008-07-16	CVE-2008-3197	Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set. network phpmyadmin CWE-352	3.5
2008-07-02	CVE-2008-2960	Cross-Site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/. network high complexity phpmyadmin CWE-79	2.6
2008-04-23	CVE-2008-1924	Information Exposure vulnerability in PHPmyadmin Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable. network phpmyadmin CWE-200	3.5