FreeBSD VuXML

Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

in the FreeBSD Ports Collection repository, path ports/security/vuxml/vuln.xml
as a local copy
as a local copy, compressed with bzip2
as a local copy, compressed with xz
as a local copy, compressed with zstandard

Please report security issues to the FreeBSD Security Team at <ports-secteam@FreeBSD.org>. Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.

phpMyAdmin

phpMyAdmin at FreshPorts.org

Entered	Topic
2023-03-16	phpMyAdmin -- XSS vulnerability in drag-and-drop upload
2020-03-25	phpMyAdmin -- SQL injection
2020-01-11	phpMyAdmin -- SQL injection
2019-06-13	phpMyAdmin -- CSRF vulnerability in login form
2019-01-27	phpMyAdmin -- File disclosure and SQL injection
2018-12-12	phpMyAdmin -- multiple vulnerabilities
2018-08-22	phpmyadmin -- XSS in the import dialog
2018-02-22	phpMyAdmin -- self XSS in central columns feature
2017-12-23	phpMyAdmin -- XSRF/CSRF vulnerability
2017-03-29	phpMyAdmin -- bypass 'no password' restriction
2017-01-24	phpMyAdmin -- Multiple vulnerabilities
2016-11-25	phpMyAdmin -- multiple vulnerabilities
2015-12-26	phpMyAdmin -- path disclosure vulnerability
2015-10-23	phpMyAdmin -- Content spoofing vulnerability
2015-09-08	phpMyAdmin -- reCaptcha bypass
2015-05-13	phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities
2015-03-08	phpMyAdmin -- Risk of BREACH attack due to reflected parameter
2014-12-04	phpMyAdmin -- XSS and DoS vulnerabilities
2014-11-21	phpMyAdmin -- XSS and information disclosure vulnerabilities
2014-10-22	phpMyAdmin -- XSS vulnerabilities in SQL debug output and server monitor page.
2014-10-01	phpMyAdmin -- XSS vulnerabilities
2014-09-13	phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature
2014-08-17	phpMyAdmin -- XSS vulnerabilities
2014-07-18	phpMyAdmin -- multiple XSS vulnerabilities, missing validation
2014-06-20	phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names
2014-02-15	phpMyAdmin -- Self-XSS due to unescaped HTML output in import.
2013-08-04	phpMyAdmin -- clickJacking protection can be bypassed
2013-07-28	phpMyAdmin -- multiple vulnerabilities
2013-06-30	phpMyAdmin -- Global variable scope injection
2013-06-05	phpMyAdmin -- XSS due to unescaped HTML output in Create View page
2013-04-24	phpMyAdmin -- Multiple security vulnerabilities
2013-04-20	phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page
2012-10-14	phpMyAdmin -- Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack
2012-08-17	phpMyAdmin -- Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages
2012-08-11	phpMyAdmin -- Path disclosure due to missing library
2012-03-28	phpMyAdmin -- Path disclosure due to missing verification of file presence
2012-02-18	phpMyAdmin -- XSS in replication setup
2011-12-22	phpMyAdmin -- Multiple XSS
2011-12-01	phpMyAdmin -- Multiple XSS
2011-11-12	phpmyadmin -- Local file inclusion
2011-09-14	phpMyAdmin -- multiple XSS vulnerabilities
2011-08-24	phpMyAdmin -- multiple XSS vulnerabilities
2011-07-24	phpmyadmin -- multiple vulnerabilities
2011-07-03	phpmyadmin -- multiple vulnerabilities
2011-02-11	phpMyAdmin -- multiple vulnerabilities
2010-11-30	phpMyAdmin -- XSS attack in database search
2010-08-21	phpmyadmin -- Several XSS vulnerabilities
2009-10-13	phpmyadmin -- XSS and SQL injection vulnerabilities
2009-06-30	phpmyadmin -- XSS vulnerability
2009-04-15	phpmyadmin -- insufficient output sanitizing when generating configuration file
2009-03-25	phpmyadmin -- insufficient output sanitizing when generating configuration file
2008-12-11	phpmyadmin -- cross-site request forgery vulnerability
2008-10-31	phpmyadmin -- Cross-Site Scripting Vulnerability
2008-09-23	phpmyadmin -- Cross-Site Scripting Vulnerability
2008-09-17	phpmyadmin -- Code execution vulnerability
2008-07-18	phpmyadmin -- cross site request forgery vulnerabilities
2008-06-28	phpmyadmin -- Cross Site Scripting Vulnerabilities
2008-04-24	phpmyadmin -- Shared Host Information Disclosure
2008-04-24	phpmyadmin -- Username/Password Session File Information Disclosure
2008-03-04	phpmyadmin -- SQL injection vulnerability
2007-11-11	phpmyadmin -- cross-site scripting vulnerability
2007-10-17	phpmyadmin -- cross-site scripting vulnerability
2007-10-16	phpmyadmin -- cross-site scripting vulnerability
2006-10-02	phpmyadmin -- XSRF vulnerabilities
2006-07-03	phpmyadmin -- cross site scripting vulnerability
2006-05-21	phpmyadmin -- XSRF vulnerabilities
2006-04-06	phpmyadmin -- 'set_theme' Cross-Site Scripting
2006-04-06	phpmyadmin -- XSS vulnerabilities
2005-12-07	phpmyadmin -- register_globals emulation "import_blacklist" manipulation
2005-12-07	phpmyadmin -- XSS vulnerabilities
2005-11-16	phpmyadmin -- HTTP Response Splitting vulnerability
2005-10-11	phpmyadmin -- local file inclusion vulnerability
2005-07-31	phpmyadmin -- cross site scripting vulnerability
2005-03-15	phpmyadmin -- increased privilege vulnerability
2005-03-08	phpmyadmin -- arbitrary file include and XSS vulnerabilities
2005-03-08	phpmyadmin -- information disclosure vulnerability
2004-12-15	phpmyadmin -- command execution vulnerability
2004-12-15	phpmyadmin -- file disclosure vulnerability
2004-11-20	phpMyAdmin -- cross-site scripting vulnerabilities
2004-10-20	phpmyadmin -- remote command execution vulnerability
2004-07-02	Remote code injection in phpMyAdmin
2004-02-22	file disclosure in phpMyAdmin