2.9.1

DATE	CVE	VULNERABILITY TITLE	RISK
2007-10-19	CVE-2007-5589	Cross-Site Scripting vulnerability in PHPmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. network phpmyadmin CWE-79	4.3
2007-03-10	CVE-2007-1395	Cross-Site Scripting vulnerability in phpMyAdmin Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>. network phpmyadmin	4.3
2007-03-07	CVE-2007-1325	Remote Denial of Service vulnerability in phpMyAdmin PMA_ArrayWalkRecursive Function The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. network phpmyadmin	7.1
2007-01-19	CVE-2006-6944	Security Bypass vulnerability in phpMyAdmin phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers. network low complexity phpmyadmin	7.5
2007-01-19	CVE-2006-6943	Improper Input Validation vulnerability in PHPmyadmin PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php. network low complexity phpmyadmin CWE-20	5.0
2007-01-19	CVE-2006-6942	Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php. network phpmyadmin debian CWE-79	6.8
2007-01-11	CVE-2007-0204	Input Validation vulnerability in phpMyAdmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. network phpmyadmin	6.8
2007-01-11	CVE-2007-0203	Input Validation vulnerability in phpMyAdmin Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors. network low complexity phpmyadmin critical	10.0
2006-11-04	CVE-2006-5718	Cross-Site Scripting vulnerability in PHPMyAdmin UTF-7 Encoding Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. network phpmyadmin	4.3