4627 matches found
CVE-2013-4997
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in 1 an anchor identifier to setup/index.php or 2 a chartTitle aka chart title value...
CVE-2013-4995
Cross-site scripting XSS vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information...
CVE-2013-4996
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a crafted database name, 2 a crafted user name, 3 a crafted logo URL in the navigation panel, 4 a...
CVE-2013-5001
Cross-site scripting XSS vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a...
Updated phpmyadmin packages fix security vulnerabilities
Using a crafted SQL query, it was possible to produce an XSS on the SQL query form PMASA-2013-8CVE-2013-4995. In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display chart view, a chart title containing HTML code was rendered...
FreeBSD : phpMyAdmin -- multiple vulnerabilities (f4a0212f-f797-11e2-9bb9-6805ca0b3d42)
The phpMyAdmin development team reports : XSS due to unescaped HTML Output when executing a SQL query. 5 XSS vulnerabilities in setup, chart display, process list, and logo link. If a crafted version.json would be presented, an XSS could be introduced. Full path disclosure vulnerabilities. XSS...
phpMyAdmin -- multiple vulnerabilities
The phpMyAdmin development team reports: XSS due to unescaped HTML Output when executing a SQL query. 5 XSS vulnerabilities in setup, chart display, process list, and logo link. If a crafted version.json would be presented, an XSS could be introduced. Full path disclosure vulnerabilities. XSS...
XSS vulnerability when a text to link transformation is used.
PMASA-2013-13 Announcement-ID: PMASA-2013-13 Date: 2013-07-28 Updated: 2013-07-30 Summary XSS vulnerability when a text to link transformation is used. Description When the TextLinkTransformationPlugin is used to create a link to an object when displaying the contents of a table, the object name ...
Full path disclosure vulnerabilities.
PMASA-2013-12 Announcement-ID: PMASA-2013-12 Date: 2013-07-28 Updated: 2013-07-30 Summary Full path disclosure vulnerabilities. Description By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains...
XSS due to unescaped HTML Output when executing a SQL query.
PMASA-2013-8 Announcement-ID: PMASA-2013-8 Date: 2013-07-28 Updated: 2013-07-30 Summary XSS due to unescaped HTML Output when executing a SQL query. Description Using a crafted SQL query, it was possible to produce an XSS on the SQL query form. Severity We consider these vulnerabilities to be non...
5 XSS vulnerabilities in setup, chart display, process list, and logo link.
PMASA-2013-9 Announcement-ID: PMASA-2013-9 Date: 2013-07-28 Updated: 2013-07-30 Summary 5 XSS vulnerabilities in setup, chart display, process list, and logo link. Description In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display...
Self-XSS due to unescaped HTML output in schema export.
PMASA-2013-14 Announcement-ID: PMASA-2013-14 Date: 2013-07-28 Updated: 2013-07-30 Summary Self-XSS due to unescaped HTML output in schema export. Description When calling schemaexport.php with crafted parameters, it is possible to trigger an XSS. Severity We consider this vulnerability to be non...
SQL injection vulnerabilities, producing a privilege escalation (control user).
PMASA-2013-15 Announcement-ID: PMASA-2013-15 Date: 2013-07-28 Updated: 2013-08-06 Summary SQL injection vulnerabilities, producing a privilege escalation control user. Description Due to a missing validation of parameters passed to schemaexport.php and pmdpdf.php, it was possible to inject SQL...
phpMyAdmin 3.5.x < 3.5.8.1 / 4.x < 4.0.0-rc3 Multiple Vulnerabilities
Binary data 6933.prm...
[Netsparker v3.0.2.0 Community Edition] Web Application Security Scanner
Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker. It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting XSS, Remote Code Executi...
phpMyAdmin 4.0.x < 4.0.3 'view_create.php' XSS
Binary data 6919.prm...
phpMyAdmin <= 4.0.4.1 import.php GLOBALS变量注入漏洞
CVECAN ID: CVE-2013-4729 phpmyadmin是MySQL数据库的在线管理工具,主要功能包括在线创建数据表、运行SQL语句、搜索查询数据以及导入导出数据等。 phpMyAdmin 4.0.4.1之前版本内的import.php没有正确限制文件格式定义数据输入权限,可使经过身份验证的远程用户修改GLOBALS超级全局数组,然后通过特制的请求更改配置。 0 phpMyAdmin = 4.0.4.1 厂商补丁: phpMyAdmin ---------- phpMyAdmin已经为此发布了一个安全公告(PMASA-2013-7)以及相应补丁:...
phpMyAdmin 4.x < 4.0.3 XSS (PMASA-2013-6)
According to its self-identified version number, the phpMyAdmin 4.x install hosted on the remote web server is earlier than 4.0.3. It is, therefore, affected by a cross-site scripting vulnerability related to the Create View page. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
phpMyAdmin 4.x < 4.0.4.1 import.php GLOBALS Variable Injection Configuration Parameter Manipulation (PMASA-2013-7)
According to its self-identified version number, the phpMyAdmin 4.x install hosted on the remote web server is earlier than 4.0.4.1 and, therefore, contains a flaw where the 'import.php' script does not properly sanitize input. This could allow attackers to inject arbitrary GLOBALS variables and...
phpMyAdmin 4.0.x < 4.0.4.1 'import.php' Security Vulnerability
Binary data 6917.prm...