6026 matches found
CVE-2011-4780
Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections...
CVE-2011-4780
The CVE-2011-4780 issue affects phpMyAdmin 3.4.x (pre-3.4.9). It is a set of cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php that allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters used by the export panels (server, database, ta...
CVE-2011-4634
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted S...
CVE-2011-4782
Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
CVE-2011-4634
CVE-2011-4634 affects phpMyAdmin 3.4.x prior to 3.4.8, enabling multiple self-XSS vulnerabilities through crafted inputs in database names, SQL queries, and column types across the Database Synchronize/Rename, Table Overview, View Creation, and Create Index dialogs. Exploitation would rely on unt...
phpMyAdmin 3.4.8 Cross Site Scripting
Trustwave's SpiderLabs Security Advisory TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin https://www.trustwave.com/spiderlabs/advisories/TWSL2011-019.txt Published: 12/22/11 Version: 1.0 Vendor: phpMyAdmin http://www.phpmyadmin.net/ Product: phpMyAdmin Version affected: 3.4.8 and...
phpMyAdmin 3.4.x < 3.4.9 XSS (PMASA-2011-19 - PMASA-2011-20)
The version of phpMyAdmin hosted on the remote web server is 3.4.x less than 3.4.9 and thus is reportedly affected by two cross-site scripting vulnerabilities : - The 'libraries/display_export.lib.php' script does not properly sanitize the '$_GET' array elements 'limit_to', 'limit_from' and...
XSS in setup.
PMASA-2011-19 Announcement-ID: PMASA-2011-19 Date: 2011-12-21 Summary XSS in setup. Description Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory. Severity We consider this...
XSS in export.
PMASA-2011-20 Announcement-ID: PMASA-2011-20 Date: 2011-12-21 Summary XSS in export. Description Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections. Severity We consider these vulnerabilities to be non critical. Mitigation...
phpMyAdmin 3.3.x / 3.4.x < 3.3.10.2 / 3.4.3.1 Multiple Vulnerabilities (PMASA-2011-5 - PMASA-2011-8)
The remote host contains a version of phpMyAdmin - 3.3.x less than 3.3.10.2 or 3.4.x less than 3.4.3.1 - that is affected by multiple vulnerabilities : - An error in the file 'libraries/auth/swekey/swekey.auth.lib.php' allows an attacker to modify the 'SESSION' superglobal array. CVE-2011-2505 - ...
Fedora Update for phpMyAdmin FEDORA-2011-16786
Check for the Version of phpMyAdmin OpenVAS Vulnerability Test Fedora Update for phpMyAdmin FEDORA-2011-16786 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
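Multiple cross-site scripting vulnerabilities in phpMyAdmin versions before 3.4.8
BUGTRAQ ID: 51099 CVE ID: CVE-2011-4634 phpMyAdmin is a tool written in PHP that allows MySQL databases to be controlled and operated through the web. phpMyAdmin versions before 3.4.8 contain multiple cross-site scripting vulnerabilities in their implementation; remote attackers can exploit these vulnerabilities to execute arbitrary script code in the browser of a user of the affected site and steal cookie-based authentication credentials. Using a crafted database name, XSS may be executed in the Database Synchronize and Database Rename panels. Using an invalid and crafted SQL query, XSS can be caused when editing the query on the Table Overview panel or executed when using the Create View dialog. Using a crafted column type, XSS may be executed in the table search or Create Index dialogs 0...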
phpMyAdmin 3.4.x < 3.4.8 XSS (PMASA-2011-18)
The version of phpMyAdmin hosted on the remote server is 3.4.x prior to 3.4.8 and is affected by a cross-site scripting vulnerability. The database name is not properly sanitized in the file 'js/dboperations.js' when attempting to rename a database. Note that this version is reportedly affected b...
Fedora Update for phpMyAdmin FEDORA-2011-16786
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora 15 : phpMyAdmin-3.4.8-1.fc15 (2011-16786)
Changes for 3.4.8.0 2011-12-01 : - interface enum data split at space char more space to edit - interface ENUM/SET editor can't handle commas in values - interface no links to browse/empty views and tables - interface Deleted search results remain visible - import ODS import ignores memory limits...
Fedora 16 : phpMyAdmin-3.4.8-1.fc16 (2011-16768)
Changes for 3.4.8.0 2011-12-01 : - interface enum data split at space char more space to edit - interface ENUM/SET editor can't handle commas in values - interface no links to browse/empty views and tables - interface Deleted search results remain visible - import ODS import ignores memory limits...
[SECURITY] Fedora 16 Update: phpMyAdmin-3.4.8-1.fc16
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
[SECURITY] Fedora 15 Update: phpMyAdmin-3.4.8-1.fc15
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
phpMyAdmin -- Multiple XSS
The phpMyAdmin development team reports: Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections. Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS...