6026 matches found
FreeBSD : phpMyAdmin -- multiple XSS vulnerabilities, missing validation (3f09ca29-0e48-11e4-b17a-6805ca0b3d42)
The phpMyAdmin development team reports: Self-XSS due to unescaped HTML output in database structure page. With a crafted table comment, it is possible to trigger an XSS in database structure page. Self-XSS due to unescaped HTML output in database triggers page. When navigating into the database...
phpMyAdmin -- multiple XSS vulnerabilities, missing validation
The phpMyAdmin development team reports: Self-XSS due to unescaped HTML output in database structure page. With a crafted table comment, it is possible to trigger an XSS in database structure page. Self-XSS due to unescaped HTML output in database triggers page. When navigating into the database...
Self-XSS due to unescaped HTML output in database triggers page.
PMASA-2014-5 Announcement-ID: PMASA-2014-5 Date: 2014-07-17 Summary Self-XSS due to unescaped HTML output in database triggers page. Description When navigating into the database triggers page, it is possible to trigger an XSS with a crafted trigger name. Severity We consider this vulnerability t...
Self-XSS due to unescaped HTML output in database structure page.
PMASA-2014-4 Announcement-ID: PMASA-2014-4 Date: 2014-07-17 Summary Self-XSS due to unescaped HTML output in database structure page. Description With a crafted table comment, it is possible to trigger an XSS in database structure page. Severity We consider this vulnerability to be non critical...
Access for an unprivileged user to MySQL user list.
PMASA-2014-7 Announcement-ID: PMASA-2014-7 Date: 2014-07-17 Summary Access for an unprivileged user to MySQL user list. Description An unprivileged user could view the MySQL user list and manipulate the tabs displayed in phpMyAdmin for them. Severity We consider this vulnerability to be non...
Multiple XSS in AJAX confirmation messages.
PMASA-2014-6 Announcement-ID: PMASA-2014-6 Date: 2014-07-17 Summary Multiple XSS in AJAX confirmation messages. Description With a crafted column name it is possible to trigger an XSS when dropping the column in table structure page. With a crafted table name it is possible to trigger an XSS when...
Debian DSA-2975-1 : phpmyadmin - security update
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2013-4995 Authenticated users could inject arbitrary web script or HTML via a crafted SQL query. -...
phpmyadmin security update
Package : phpmyadmin Version : 4:3.3.7-8 CVE ID : CVE-2013-3239 CVE-2013-4995 CVE-2013-4996 CVE-2013-5003 Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:...
[SECURITY] [DSA 2975-1] phpmyadmin security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2975-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst July 09, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2975-1 (phpmyadmin - security update)
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4995 Authenticated users could inject arbitrary web script or HTML via a crafted SQL query. CVE-2013-49...
DSA-2975-1 phpmyadmin - security update
Bulletin has no description...
DLA-0014-1 phpmyadmin - security update
Bulletin has no description...
Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:126)
Multiple vulnerabilities have been discovered and corrected in phpmyadmin: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly...
Debian: Security Advisory (DSA-2975-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
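A WDC front-end getshell
Brief description: Ad slot: codescan.cn, heh. Details: mysql/adduser.php: this file does not check permissions (actually it does, but for some reason the check has been commented out), so we can use it to add a MySQL account. But the account cannot connect remotely, only from localhost, so it seems not much use. The database can be tampered with by intercepting the request. Audience: what the hell use is that? Don't rush, friend. Under wdcp there is a phpmyadmin; access it directly at http://xxx:8080/phpmyadmin and it prompts for a MySQL account and password. Above, we happen to be able to add a MySQL user...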
phpMyAdmin <= 2.11.1 Server_Status.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26301/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
PhpMyAdmin 2.x db_create.php db Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. An attacker could...
phpMyAdmin 2.x External Transformations Remote Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/11886/info phpMyAdmin is reported prone to multiple remote vulnerabilities. These issues can allow remote attackers to execute arbitrary commands and disclose files on a vulnerable computer. These issues result from...
phpMyAdmin 3.5.8 and 4.0.0-RC2 - Multiple Vulnerabilities
No description provided by source. waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind waraxe Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html...