4627 matches found
PhpMyAdmin 2.x sql.php pos Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. An attacker could...
phpMyAdmin 4.1.x < 4.1.14.1, 4.2.x < 4.2.4 Multiple XSS
Binary data 8316.prm...
Updated phpmyadmin packages fix CVE-2014-4349
Updated phpmyadmin packages fix security vulnerability: In phpMyAdmin before 4.1.14, it is possible to trigger an XSS when hiding or unhiding a crafted table name in the navigation, due to unescaped HTML output in the navigation items hiding feature. Note that this vulnerability can only be...
phpMyAdmin 4.1.x < 4.1.14.1 / 4.2.x < 4.2.4 Navigation Hiding Items Multiple XSS (PMASA-2014-3)
According to its self-reported version number, the phpMyAdmin install hosted on the remote web server is 4.1.x prior to 4.1.14.1 or 4.2.x prior to 4.2.4. It is, therefore, affected by multiple cross-site scripting vulnerabilities. The flaws exist due to user input not being validated in a crafted...
phpMyAdmin 4.2.x < 4.2.4 Recent/Favorite Table Navigation Multiple XSS (PMASA-2014-2)
According to its self-reported version number, the phpMyAdmin install hosted on the remote web server is 4.2.x prior to 4.2.4. It is, therefore, affected by multiple cross-site scripting vulnerabilities. The flaws exist due to user input not being validated in a crafted database or table name aft...
CVE-2014-4348
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name that is improperly handled after presence in a the favorite list or b recent tables...
CVE-2014-4349
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a 1 hide or 2 unhide action...
DEBIAN-CVE-2014-4349
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a 1 hide or 2 unhide action...
CVE-2014-4349
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a 1 hide or 2 unhide action...
CVE-2014-4348
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name that is improperly handled after presence in a the favorite list or b recent tables...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a 1 hide or 2 unhide action...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name that is improperly handled after presence in a the favorite list or b recent tables...
CVE-2014-4348
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name that is improperly handled after presence in a the favorite list or b recent tables...
CVE-2014-4349
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a 1 hide or 2 unhide action...
CVE-2014-4348
phpMyAdmin 4.2.x is affected by multiple XSS vulnerabilities (CVE-2014-4348) where remote authenticated attackers can inject arbitrary scripts via crafted database or table names stored in the favorites list or recent tables. Root cause: improper handling of names in those lists. Affected product...
CVE-2014-4349
CVE-2014-4349 affects phpMyAdmin 4.1.x up to 4.1.14.1 and 4.2.x up to 4.2.4. Root cause: improper handling of table names during hide/unhide actions leads to cross-site scripting (XSS). Impact: remote authenticated users can inject arbitrary web script or HTML. Remediation: upgrade to 4.1.14.1 or...
CVE-2014-4348
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name that is improperly handled after presence in a the favorite list or b recent tables...
CVE-2014-4349
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a 1 hide or 2 unhide action...
FreeBSD : phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names (c4892644-f8c6-11e3-9f45-6805ca0b3d42)
The phpMyAdmin development team reports : Self-XSS due to unescaped HTML output in recent/favorite tables navigation. When marking a crafted database or table name as favorite or having it in recent tables, it is possible to trigger an XSS. This vulnerability can be triggered only by someone who...
phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names
The phpMyAdmin development team reports: Self-XSS due to unescaped HTML output in recent/favorite tables navigation. When marking a crafted database or table name as favorite or having it in recent tables, it is possible to trigger an XSS. This vulnerability can be triggered only by someone who...