CVE-2014-4955

CVE-2014-4955 affects phpMyAdmin through the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php, enabling an XSS via a crafted trigger name on the database triggers page. Vulnerable are phpMyAdmin 4.0.x prior to 4.0.10.1, 4.1.x prior to 4.1.14.2, and 4.2.x prior to 4.2.6. The vulner...

FreeBSD : phpMyAdmin -- multiple XSS vulnerabilities, missing validation (3f09ca29-0e48-11e4-b17a-6805ca0b3d42)

The phpMyAdmin development team reports : Self-XSS due to unescaped HTML output in database structure page. With a crafted table comment, it is possible to trigger an XSS in database structure page. Self-XSS due to unescaped HTML output in database triggers page. When navigating into the database...

phpMyAdmin -- multiple XSS vulnerabilities, missing validation

The phpMyAdmin development team reports: Self-XSS due to unescaped HTML output in database structure page. With a crafted table comment, it is possible to trigger an XSS in database structure page. Self-XSS due to unescaped HTML output in database triggers page. When navigating into the database...

Access for an unprivileged user to MySQL user list.

PMASA-2014-7 Announcement-ID: PMASA-2014-7 Date: 2014-07-17 Summary Access for an unprivileged user to MySQL user list. Description An unpriviledged user could view the MySQL user list and manipulate the tabs displayed in phpMyAdmin for them. Severity We consider this vulnerability to be non...

Self-XSS due to unescaped HTML output in database structure page.

PMASA-2014-4 Announcement-ID: PMASA-2014-4 Date: 2014-07-17 Summary Self-XSS due to unescaped HTML output in database structure page. Description With a crafted table comment, it is possible to trigger an XSS in database structure page. Severity We consider this vulnerability to be non critical...

Multiple XSS in AJAX confirmation messages.

PMASA-2014-6 Announcement-ID: PMASA-2014-6 Date: 2014-07-17 Summary Multiple XSS in AJAX confirmation messages. Description With a crafted column name it is possible to trigger an XSS when dropping the column in table structure page. With a crafted table name it is possible to trigger an XSS when...

Self-XSS due to unescaped HTML output in database triggers page.

PMASA-2014-5 Announcement-ID: PMASA-2014-5 Date: 2014-07-17 Summary Self-XSS due to unescaped HTML output in database triggers page. Description When navigating into the database triggers page, it is possible to trigger an XSS with a crafted trigger name. Severity We consider this vulnerability t...

Debian DSA-2975-1 : phpmyadmin - security update

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-4995 Authenticated users could inject arbitrary web script or HTML via a crafted SQL query. -...

phpmyadmin security update

Package : phpmyadmin Version : 4:3.3.7-8 CVE ID : CVE-2013-3239 CVE-2013-4995 CVE-2013-4996 CVE-2013-5003 Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:...

phpmyadmin security update

Package : phpmyadmin Version : 4:3.3.7-8 CVE ID : CVE-2013-3239 CVE-2013-4995 CVE-2013-4996 CVE-2013-5003 Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:...

[SECURITY] [DSA 2975-1] phpmyadmin security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2975-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst July 09, 2014 http://www.debian.org/security/faq -...

Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:126)

Multiple vulnerabilities has been discovered and corrected in phpmyadmin : Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name that is improperly...

Debian Security Advisory DSA 2975-1 (phpmyadmin - security update)

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4995 Authenticated users could inject arbitrary web script or HTML via a crafted SQL query. CVE-2013-49...

DSA-2975-1 phpmyadmin - security update

Bulletin has no description...

DLA-0014-1 phpmyadmin - security update

Bulletin has no description...

Debian: Security Advisory (DSA-2975-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WDC前台getshell一枚

简要描述： 广告位：codescan.cn 呵呵 详细说明： mysql/adduser.php 这个文件没有验证权限（其实是验证的，不知道为什么被注释了） 那么我们可以利用这个添加一个mysql的账户 但是不能外连，只能localhost，貌似没什么用 database可以抓包篡改的 观众：这又个jB用 别急，朋友 wdcp下面有一个phpmyadmin 直接访问，http://xxx：8080/phpmyadmin 提示输入mysql账号密码 上面我们正好能加一个MySQL、用户...

PHPMyAdmin 2.x Convcharset Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12982/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the 'convcharset' parameter. phpMyAdmin versions prior to 2.6.2-rc1 are affected by this...

phpMyAdmin <= 3.0.1 'pmd_pdf.php' Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31928/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of a...

XAMPP Insecure Default Password Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13131/info An insecure default password disclosure vulnerability affects XAMPP. This issue is due to a failure of the application to properly secure access to default passwords. An attacker may leverage this issue to gain...