4627 matches found
XSS vulnerability in error reporting functionality.
PMASA-2014-15 Announcement-ID: PMASA-2014-15 Date: 2014-11-20 Summary XSS vulnerability in error reporting functionality. Description With a crafted file name it is possible to trigger an XSS in the error reporting page. Severity We consider this vulnerability to be non critical. Mitigation facto...
phpMyAdmin -- XSS and information disclosure vulnerabilities
The phpMyAdmin development team reports: With a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page. With a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoom search pages. With a crafted value for font siz...
CVE-2014-6300
Cross-site scripting XSS vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery CSRF attack to crea...
Cross site request forgery (csrf)
Cross-site scripting XSS vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery CSRF attack to crea...
CVE-2014-6300
Cross-site scripting XSS vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery CSRF attack to crea...
CVE-2014-6300
CVE-2014-6300 affects phpMyAdmin: XSS in micro history implementation and CSRF to create a root account via crafted URLs, vulnerable in phpMyAdmin 4.0.x < 4.0.10.3, 4.1.x < 4.1.14.4, and 4.2.x = 4.0.10.6, >= 4.1.14.7, and >= 4.2.13. The CVSS-like metrics in the NVD entry show MEDIUM s...
CVE-2014-6300
Cross-site scripting XSS vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery CSRF attack to crea...
CVE-2014-8326
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name, related to the...
DEBIAN-CVE-2014-8326
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name, related to the...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name, related to the...
CVE-2014-8326
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name, related to the...
CVE-2014-8326
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name, related to the...
CVE-2014-8326
Summary of CVE-2014-8326 (phpMyAdmin XSS): Multiple XSS vulnerabilities affect phpMyAdmin 4.0.x (before 4.0.10.5), 4.1.x (before 4.1.14.6), and 4.2.x (before 4.2.10.1). The issue enables remote authenticated users to inject arbitrary web script or HTML via crafted (1) database name or (2) table n...
CVE-2014-8326
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name, related to the...
Cross-Site Scripting vulnerability in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" phpmyadmin is susceptible to Cross-Site Scripting. Release Date: November 5, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 4.18.0, 4.18.1, 4.18.2 and 4.18.3...
openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1347-1)
phpMyAdmin 4.1.14.6 boo902154 CVE-2014-8326 This release fixes cross-site scripting vulnerabilities in the SQL debug output and server monitor pages. This developer option is not enabled by default. - sf4562 security XSS in debug SQL output - sf4563 security XSS in monitor query analyzer...
[ MDVSA-2014:208 ] phpmyadmin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:208 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : October 24, 2014 Affected: Business Server 1.0 Problem Description: Updated phpmyadmin package fixes security vulnerability: In...
Fedora 21 : phpMyAdmin-4.2.10.1-1.fc21 (2014-13479)
phpMyAdmin 4.2.10.1 2014-10-21 ================================ - security XSS in debug SQL output - security XSS in monitor query analyzer Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Fedora 19 : phpMyAdmin-4.2.10.1-1.fc19 (2014-13504)
phpMyAdmin 4.2.10.1 2014-10-21 ================================ - security XSS in debug SQL output - security XSS in monitor query analyzer Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.10.1-1.fc21
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...