4627 matches found
CVE-2014-4987
serverusergroups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request...
DEBIAN-CVE-2014-4986
Multiple cross-site scripting XSS vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 table name or 2 column name that is improperly handled...
CVE-2014-4955
Cross-site scripting XSS vulnerability in the PMATRIgetRowForList function in libraries/rte/rtelist.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that i...
DEBIAN-CVE-2014-4987
serverusergroups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request...
DEBIAN-CVE-2014-4955
Cross-site scripting XSS vulnerability in the PMATRIgetRowForList function in libraries/rte/rtelist.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that i...
CVE-2014-4987
serverusergroups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request...
CVE-2014-4954
Cross-site scripting XSS vulnerability in the PMAgetHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a...
CVE-2014-4986
Multiple cross-site scripting XSS vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 table name or 2 column name that is improperly handled...
Cross site scripting
Cross-site scripting XSS vulnerability in the PMAgetHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a...
Cross site scripting
Cross-site scripting XSS vulnerability in the PMATRIgetRowForList function in libraries/rte/rtelist.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that i...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 table name or 2 column name that is improperly handled...
CVE-2014-4955
Cross-site scripting XSS vulnerability in the PMATRIgetRowForList function in libraries/rte/rtelist.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that i...
UBUNTU-CVE-2014-4955
Cross-site scripting XSS vulnerability in the PMATRIgetRowForList function in libraries/rte/rtelist.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that i...
UBUNTU-CVE-2014-4986
Multiple cross-site scripting XSS vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 table name or 2 column name that is improperly handled...
CVE-2014-4954
Cross-site scripting XSS vulnerability in the PMAgetHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a...
CVE-2014-4955
Cross-site scripting XSS vulnerability in the PMATRIgetRowForList function in libraries/rte/rtelist.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that i...
CVE-2014-4986
Multiple cross-site scripting XSS vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 table name or 2 column name that is improperly handled...
CVE-2014-4987
serverusergroups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request...
CVE-2014-4954
CVE-2014-4954: In phpMyAdmin 4.2.x before 4.2.6, the PMA_getHtmlForActionLinks function in libraries/structure.lib.php is vulnerable to cross-site scripting. Remote authenticated users can inject arbitrary script/HTML via a crafted table comment during the database structure page construction. A ...
CVE-2014-4955
CVE-2014-4955 affects phpMyAdmin through the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php, enabling an XSS via a crafted trigger name on the database triggers page. Vulnerable are phpMyAdmin 4.0.x prior to 4.0.10.1, 4.1.x prior to 4.1.14.2, and 4.2.x prior to 4.2.6. The vulner...