4627 matches found
CVE-2014-8958
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during...
CVE-2014-8959
Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter...
CVE-2014-8960
Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename...
CVE-2014-8961
Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter...
CVE-2014-8959
CVE-2014-8959 affects phpMyAdmin GIS editor: directory traversal in libraries/gis/GIS_Factory.class.php allows remote authenticated users to include/execute local files via a crafted geometry-type parameter. Affected versions are phpMyAdmin 4.0.x<4.0.10.6, 4.1.x<4.1.14.7, and 4.2.x
CVE-2014-8960
CVE-2014-8960 is a cross-site scripting flaw in phpMyAdmin’s error-reporting, exploitable by a remote authenticated user via a crafted filename. It affects phpMyAdmin 4.1.x prior to 4.1.14.7 and 4.2.x prior to 4.2.12, with the issue located in libraries/error_report.lib.php. The vulnerability all...
CVE-2014-8961
The CVE-2014-8961 entry affects phpMyAdmin 4.1.x (before 4.1.14.7) and 4.2.x (before 4.2.12). The vulnerability is a directory traversal in libraries/error_report.lib.php within the error-reporting feature, enabling remote authenticated users to obtain potentially sensitive information about a fi...
CVE-2014-8958
CVE-2014-8958 affects phpMyAdmin, with XSS vulnerabilities in multiple render paths: table browse (database/table/column names), table print view, zoom search, and the home page cookie pma_fontsize. The issue stems from improper handling during rendering in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x...
[CVE-2014-8959] phpMyAdmin arbitrary file inclusion vulnerability analysis with demonstration - vulnerability warning - the black bar safety net
0x01 Vulnerability description: phpMyAdmin is a widely used MySQL database management tool written in PHP. The latest CVE-2014-8959 announcement states that several versions of the program contain an arbitrary file inclusion vulnerability; the affected versions are as follows:...
Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:228)
Multiple vulnerabilities have been discovered and corrected in phpmyadmin : - Multiple XSS vulnerabilities (CVE-2014-8958). - Local file inclusion vulnerability (CVE-2014-8959). - XSS vulnerability in error reporting functionality (CVE-2014-8960). - Leakage of line count of an arbitrary file...
phpMyAdmin 4.0.x < 4.0.10.6 / 4.1.x < 4.1.14.7 / 4.2.x < 4.2.12 Multiple Vulnerabilities (PMASA-2014-13 - PMASA-2014-16)
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.6, 4.1.x prior to 4.1.14.7, or 4.2.x prior to 4.2.12. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting vulnerability in the zoom...
Updated phpmyadmin packages fix security vulnerabilities
Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.7, with a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page, with a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoo...
phpMyAdmin 4.0.x < 4.0.10.6 / 4.1.x < 4.1.14.7 / 4.2.x < 4.2.12 Multiple Vulnerabilities (PMASA-2014-13 through 16)
FreeBSD : phpMyAdmin -- XSS and information disclosure vulnerabilities (a5d4a82a-7153-11e4-88c7-6805ca0b3d42)
The phpMyAdmin development team reports : - With a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page. - With a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoom search pages. - With a crafted value for...
Local file inclusion vulnerability.
PMASA-2014-14 Announcement-ID: PMASA-2014-14 Date: 2014-11-20 Summary Local file inclusion vulnerability. Description In the GIS editor feature, a parameter specifying the geometry type was not correctly validated, opening the door to a local file inclusion attack. Severity We consider this...
Multiple XSS vulnerabilities.
PMASA-2014-13 Announcement-ID: PMASA-2014-13 Date: 2014-11-20 Summary Multiple XSS vulnerabilities. Description With a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page. With a crafted ENUM value it is possible to trigger XSS attacks in the...
Leakage of line count of an arbitrary file.
PMASA-2014-16 Announcement-ID: PMASA-2014-16 Date: 2014-11-20 Summary Leakage of line count of an arbitrary file. Description In the error reporting feature, a parameter specifying the file was not correctly validated, allowing the attacker to derive the line count of an arbitrary file. Severity ...