4627 matches found

CVE
added 2014/07/20 10:0 a.m., 79 views

CVE-2014-4987

CVE-2014-4987 affects phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6, allowing remote authenticated users to bypass access restrictions and read the MySQL user list via a viewUsers request. Affected products are phpMyAdmin components handling user views; root cause is improper access con...

CVSS 4, AI score 5.9, EPSS 0.00192
Exploits 0, References 6, Affected Software 1

CVE
added 2014/07/20 10:0 a.m., 65 views

CVE-2014-4986

phpMyAdmin: CVE-2014-4986 summary — Multiple XSS vulnerabilities in js/functions.js affect phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6. The issue arises from improper handling when constructing an AJAX confirmation message, allowing remote authenticated users t...

CVSS 3.5, AI score 5.1, EPSS 0.00339
Exploits 0, References 6, Affected Software 1

Debian CVE
added 2014/07/20 10:0 a.m., 34 views

CVE-2014-4987

server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request...

CVSS 4, AI score 5.9, EPSS 0.00192
Exploits 0

Debian CVE
added 2014/07/20 10:0 a.m., 30 views

CVE-2014-4954

Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a...

CVSS 3.5, AI score 5.2, EPSS 0.00253
Exploits 0

Debian CVE
added 2014/07/20 10:0 a.m., 36 views

CVE-2014-4986

Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled...

CVSS 3.5, AI score 5.3, EPSS 0.00339
Exploits 0

Debian CVE
added 2014/07/20 10:0 a.m., 34 views

CVE-2014-4955

Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that i...

CVSS 3.5, AI score 5.2, EPSS 0.00257
Exploits 0

Tenable Nessus
added 2014/07/20 12:0 a.m., 37 views

FreeBSD : phpMyAdmin -- multiple XSS vulnerabilities, missing validation (3f09ca29-0e48-11e4-b17a-6805ca0b3d42)

The phpMyAdmin development team reports : Self-XSS due to unescaped HTML output in database structure page. With a crafted table comment, it is possible to trigger an XSS in database structure page. Self-XSS due to unescaped HTML output in database triggers page. When navigating into the database...

CVSS 4, AI score 8, EPSS 0.00339
Exploits 0, References 9

FreeBSD
added 2014/07/18 12:0 a.m., 49 views

phpMyAdmin -- multiple XSS vulnerabilities, missing validation

The phpMyAdmin development team reports: Self-XSS due to unescaped HTML output in database structure page. With a crafted table comment, it is possible to trigger an XSS in database structure page. Self-XSS due to unescaped HTML output in database triggers page. When navigating into the database...

CVSS 3.5, AI score 5.7, EPSS 0.00257
Exploits 0, References 4

phpMyAdmin
added 2014/07/17 12:0 a.m., 57 views

Self-XSS due to unescaped HTML output in database triggers page.

PMASA-2014-5 Announcement-ID: PMASA-2014-5 Date: 2014-07-17 Summary Self-XSS due to unescaped HTML output in database triggers page. Description When navigating into the database triggers page, it is possible to trigger an XSS with a crafted trigger name. Severity We consider this vulnerability t...

CVSS 3.5, AI score 7.2, EPSS 0.00257
Exploits 0, Affected Software 1

phpMyAdmin
added 2014/07/17 12:0 a.m., 63 views

Self-XSS due to unescaped HTML output in database structure page.

PMASA-2014-4 Announcement-ID: PMASA-2014-4 Date: 2014-07-17 Summary Self-XSS due to unescaped HTML output in database structure page. Description With a crafted table comment, it is possible to trigger an XSS in database structure page. Severity We consider this vulnerability to be non critical...

CVSS 3.5, AI score 7.2, EPSS 0.00253
Exploits 0, Affected Software 1

phpMyAdmin
added 2014/07/17 12:0 a.m., 34 views

Multiple XSS in AJAX confirmation messages.

PMASA-2014-6 Announcement-ID: PMASA-2014-6 Date: 2014-07-17 Summary Multiple XSS in AJAX confirmation messages. Description With a crafted column name it is possible to trigger an XSS when dropping the column in table structure page. With a crafted table name it is possible to trigger an XSS when...

CVSS 3.5, AI score 7.2, EPSS 0.00339
Exploits 0, Affected Software 1

phpMyAdmin
added 2014/07/17 12:0 a.m., 28 views

Access for an unprivileged user to MySQL user list.

PMASA-2014-7 Announcement-ID: PMASA-2014-7 Date: 2014-07-17 Summary Access for an unprivileged user to MySQL user list. Description An unprivileged user could view the MySQL user list and manipulate the tabs displayed in phpMyAdmin for them. Severity We consider this vulnerability to be non...

CVSS 4, AI score 7.2, EPSS 0.00192
Exploits 0, Affected Software 1

Tenable Nessus
added 2014/07/10 12:0 a.m., 35 views

Debian DSA-2975-1 : phpmyadmin - security update

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-4995 Authenticated users could inject arbitrary web script or HTML via a crafted SQL query. -...

CVSS 6.5, AI score 7.3, EPSS 0.00374
Exploits 1, References 12

Debian
added 2014/07/09 7:24 p.m., 38 views

phpmyadmin security update

Package : phpmyadmin Version : 4:3.3.7-8 CVE ID : CVE-2013-3239 CVE-2013-4995 CVE-2013-4996 CVE-2013-5003 Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:...

CVSS 6.5, AI score 2.9, EPSS 0.12333
Exploits 7

Debian
added 2014/07/09 7:24 p.m., 24 views

phpmyadmin security update

Package : phpmyadmin Version : 4:3.3.7-8 CVE ID : CVE-2013-3239 CVE-2013-4995 CVE-2013-4996 CVE-2013-5003 Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:...

CVSS 6.5, AI score 7, EPSS 0.12333
Exploits 7

Debian
added 2014/07/09 6:45 p.m., 40 views

[SECURITY] [DSA 2975-1] phpmyadmin security update

Debian Security Advisory DSA-2975-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst July 09, 2014 http://www.debian.org/security/faq -...

CVSS 6.5, AI score 6.9, EPSS 0.00374
Exploits 1

OpenVAS
added 2014/07/09 12:0 a.m., 32 views

Debian Security Advisory DSA 2975-1 (phpmyadmin - security update)

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4995 Authenticated users could inject arbitrary web script or HTML via a crafted SQL query. CVE-2013-49...

CVSS 6.5, AI score 7, EPSS 0.00374
Exploits 1, References 1

OSV
added 2014/07/09 12:0 a.m., 28 views

DLA-0014-1 phpmyadmin - security update

Bulletin has no description...

CVSS 6.5, AI score 6.1, EPSS 0.12333
Exploits 7

OSV
added 2014/07/09 12:0 a.m., 31 views

DSA-2975-1 phpmyadmin - security update

Bulletin has no description...

CVSS 6.5, AI score 6.1, EPSS 0.00374
Exploits 1

Tenable Nessus
added 2014/07/09 12:0 a.m., 36 views

Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:126)

Multiple vulnerabilities have been discovered and corrected in phpmyadmin : Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly...

CVSS 3.5, AI score 8, EPSS 0.00354
Exploits 2, References 5