Risk of BREACH attack due to reflected parameter.

PMASA-2015-1 Announcement-ID: PMASA-2015-1 Date: 2015-03-04 Summary Risk of BREACH attack due to reflected parameter. Description With a large number of crafted requests it was possible to infer the CSRF token by a BREACH attack. Severity We consider this vulnerability to be non critical...

phpMyAdmin -- Risk of BREACH attack due to reflected parameter

The phpMyAdmin development team reports: Risk of BREACH attack due to reflected parameter. With a large number of crafted requests it was possible to infer the CSRF token by a BREACH attack. Mitigation factor: this vulnerability can only be exploited in the presence of another vulnerability that...

Fedora Update for phpMyAdmin FEDORA-2014-15588

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for phpMyAdmin FEDORA-2014-16327

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Multiple cross-site scripting vulnerabilities in phpMyAdmin (CNVD-2015-00060)

phpMyAdmin is an online management tool for MySQL databases. Its main functions include creating data tables online, running SQL statements, searching and querying data, and importing and exporting data. Multiple cross-site scripting vulnerabilities in phpMyAdmin version 3.4.x before 3.4.5 allow...

CVE-2011-3592

Multiple cross-site scripting XSS vulnerabilities in the PMAunInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a 1 database name, 2 table name, or 3 column name that is not properly handled after an...

CVE-2011-3592

Multiple cross-site scripting XSS vulnerabilities in the PMAunInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a 1 database name, 2 table name, or 3 column name that is not properly handled after an...

CVE-2011-3591

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to 1...

CVE-2011-3591

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to 1...

CVE-2011-3592

Multiple cross-site scripting XSS vulnerabilities in the PMAunInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a 1 database name, 2 table name, or 3 column name that is not properly handled after an...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the PMAunInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a 1 database name, 2 table name, or 3 column name that is not properly handled after an...

CVE-2011-3591

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to 1...

CVE-2011-3592

Multiple cross-site scripting XSS vulnerabilities in the PMAunInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a 1 database name, 2 table name, or 3 column name that is not properly handled after an...

CVE-2011-3591

CVE-2011-3591 describes multiple XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.5. An authenticated user can inject arbitrary script/HTML via a crafted row that triggers an improperly constructed confirmation message after inline editing and save operations, related to the files js/functions....

CVE-2011-3592

CVE-2011-3592 affects phpMyAdmin 3.4.x prior to 3.4.5. The issue is an XSS in PMA_unInlineEditRow (js/sql.js) that allows remote authenticated users to inject arbitrary script/HTML via the database name, table name, or column name after an inline-edit operation. Exploitation details are not provi...

CVE-2011-3591

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to 1...

phpMyAdmin Denial-of-Service Vulnerability -01 (Dec 2014)

phpMyAdmin is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

[ MDVSA-2014:243 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:243 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : December 14, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in...

phpMyAdmin 4.x < 4.2.13.1 'url.php' XSS Vulnerability (Dec 2014)

phpMyAdmin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1636-1)

phpMyAdmin on openSUSE 12.3 and 13.1 was updated to 4.1.14.8. This update fixes one vulnerability. - Security fixes : - PMASA-2014-17 CVE-2014-9218, CWE-661 CWE-400 boo908363 http://www.phpmyadmin.net/homepage/security/PMASA-2014- 17.php - sf4611 security DOS attack with long passwords phpMyAdmin...