Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2014-0310
HistoryAug 06, 2014 - 12:08 a.m.

Updated phpmyadmin package fixes security vulnerabilities

2014-08-0600:08:48
Gentoo Foundation
advisories.mageia.org
7

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.2%

JSON

In phpMyAdmin before 4.1.14.2, when navigating into the database triggers page, it is possible to trigger an XSS with a crafted trigger name (CVE-2014-4955). In phpMyAdmin before 4.1.14.2, with a crafted column name it is possible to trigger an XSS when dropping the column in table structure page. With a crafted table name it is possible to trigger an XSS when dropping or truncating the table in table operations page (CVE-2014-4986). In phpMyAdmin before 4.1.14.2, An unpriviledged user could view the MySQL user list and manipulate the tabs displayed in phpMyAdmin for them (CVE-2014-4987).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchphpmyadmin< 4.1.14.2-1phpmyadmin-4.1.14.2-1.mga3
Mageia4noarchphpmyadmin< 4.1.14.2-1phpmyadmin-4.1.14.2-1.mga4

Related

openvas 6
nessus 6
freebsd 1
securityvulns 2
debiancve 3
cve 3
phpmyadmin 3
github 1
prion 3
osv 1
ubuntucve 3
gentoo 1
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0310)
2022-01-28 00:00:00
phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities (Jul 2014) - Linux
2017-08-18 00:00:00
phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities (Jul 2014) - Windows
2017-08-18 00:00:00
nessus
nessus
phpMyAdmin 4.0.x < 4.0.10.1 / 4.1.x < 4.1.14.2 / 4.2.x < 4.2.6 Multiple Vulnerabilities (PMASA-2014-4 - PMASA-2014-7)
2014-07-30 00:00:00
Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:143)
2014-07-31 00:00:00
FreeBSD : phpMyAdmin -- multiple XSS vulnerabilities, missing validation (3f09ca29-0e48-11e4-b17a-6805ca0b3d42)
2014-07-20 00:00:00
freebsd
freebsd
phpMyAdmin -- multiple XSS vulnerabilities, missing validation
2014-07-18 00:00:00
securityvulns
securityvulns
[ MDVSA-2014:143 ] phpmyadmin
2014-10-14 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-10-14 00:00:00
debiancve
debiancve
CVE-2014-4986
2014-07-20 11:12:00
CVE-2014-4987
2014-07-20 11:12:00
CVE-2014-4955
2014-07-20 11:12:00
cve
cve
CVE-2014-4987
2014-07-20 11:12:00
CVE-2014-4986
2014-07-20 11:12:00
CVE-2014-4955
2014-07-20 11:12:00
phpmyadmin
phpmyadmin
Access for an unprivileged user to MySQL user list.
2014-07-17 00:00:00
Multiple XSS in AJAX confirmation messages.
2014-07-17 00:00:00
Self-XSS due to unescaped HTML output in database triggers page.
2014-07-17 00:00:00
github
github
phpMyAdmin cross-site scripting Vulnerability in Table or Column Names
2022-05-17 03:20:58
prion
prion
Cross site scripting
2014-07-20 11:12:00
Design/Logic Flaw
2014-07-20 11:12:00
Cross site scripting
2014-07-20 11:12:00
osv
osv
phpMyAdmin cross-site scripting Vulnerability in Table or Column Names
2022-05-17 03:20:58
ubuntucve
ubuntucve
CVE-2014-4986
2014-07-20 00:00:00
CVE-2014-4987
2014-07-20 00:00:00
CVE-2014-4955
2014-07-20 00:00:00
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2015-05-31 00:00:00

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.2%

JSON
Related for MGASA-2014-0310
openvas6nessus6freebsd1securityvulns2debiancve3cve3phpmyadmin3github1prion3osv1ubuntucve3gentoo1