phpMyAdmin 3.x >= 3.3.1 / 4.x < 4.1.7 import.php XSS (PMASA-2014-1)

According to its self-identified version number, the phpMyAdmin install hosted on the remote web server is 3.x later than 3.3.1 or 4.x prior to 4.1.7. It is, therefore, affected by a cross-site scripting vulnerability because the 'import.php' script does not properly sanitize the filenames of...

Updated phpseclib and phpmyadmin packages fix security vulnerability

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action CVE-2014-1879. This upgrade provides the latest phpmyadmin version 4.1.8 to address this vulnerabilit...

phpMyAdmin 'import.php'跨站脚本漏洞

BUGTRAQ ID: 65717 CVECAN ID: CVE-2014-1879 phpmyadmin是MySQL数据库的在线管理工具，主要功能包括在线创建数据表、运行SQL语句、搜索查询数据以及导入导出数据等。 攻击者可能会利用漏洞在受影响站点上下文的不知情用户浏览器中执行任意脚本代码。这可以允许攻击者窃取基于cookie的认证证书，并发动其他攻击。 0 phpMyAdmin phpMyAdmin 3.4.9 phpMyAdmin phpMyAdmin 3.4.8 phpMyAdmin phpMyAdmin 3.4.6 phpMyAdmin phpMyAdmin 3.4.3...

PHPMyAdmin Misconfiguration Remote Code Injection (CVE-2009-1151)

A Code Injection vulnerability has been reported in PhpMyAdmin. The vulnerability is due to misconfiguration of PhpMyAdmin server. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in attacker-controlled script...

Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:046)

A vulnerability has been discovered and corrected in phpmyadmin : Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action CVE-2014-1879. This upgrade provide...

CVE-2014-1879

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...

CVE-2014-1879

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...

Cross site scripting

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...

UBUNTU-CVE-2014-1879

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...

CVE-2014-1879

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...

CVE-2014-1879

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...

CVE-2014-1879

CVE-2014-1879 concerns phpMyAdmin prior to 4.1.7, where an XSS vulnerability exists in the import.php action. The issue arises from how a crafted filename in an import action is processed, enabling a remote authenticated user to inject arbitrary web script or HTML. The vulnerability affects phpMy...

FreeBSD : phpMyAdmin -- Self-XSS due to unescaped HTML output in import. (0871d18b-9638-11e3-a371-6805ca0b3d42)

The phpMyAdmin development team reports : When importing a file with crafted filename, it is possible to trigger an XSS. We consider this vulnerability to be non critical. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...

phpMyAdmin -- Self-XSS due to unescaped HTML output in import.

The phpMyAdmin development team reports: When importing a file with crafted filename, it is possible to trigger an XSS. We consider this vulnerability to be non critical...

Self-XSS due to unescaped HTML output in import.

PMASA-2014-1 Announcement-ID: PMASA-2014-1 Date: 2014-02-15 Summary Self-XSS due to unescaped HTML output in import. Description When importing a file with crafted filename, it is possible to trigger an XSS. Severity We consider this vulnerability to be non critical. Mitigation factor This...

phpMYAdmin goto Parameter PHP Code Execution - Ver2 (CVE-2001-0478)

A code execution vulnerability has been reported in phpMYAdmin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

phpMYAdmin goto Parameter PHP Code Execution - Ver2 (CVE-2001-0478)

A code execution vulnerability has been reported in phpMYAdmin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

SuSE Update for update openSUSE-SU-2013:1343-1 (update)

Check for the Version of update OpenVAS Vulnerability Test $Id: gbsuse201313431.nasl 8509 2018-01-24 06:57:46Z teissa $ SuSE Update for update openSUSE-SU-2013:1343-1 update Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program ...

openSUSE: Security Advisory for update (openSUSE-SU-2013:1343-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for phpMyAdmin FEDORA-2013-18802

Check for the Version of phpMyAdmin OpenVAS Vulnerability Test Fedora Update for phpMyAdmin FEDORA-2013-18802 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...