phpMyAdmin 3.5.x - 4.0.x < 4.0.5 'Header.class.php' Clickjacking Bypass

Binary data 8150.prm...

phpMyAdmin 3.3.1 - 4.1.6 XSS

Binary data 8151.prm...

phpMyAdmin 3.5.x < 3.5.8.2 / 4.0.x < 4.0.4.2 Multiple Vulnerabilities

Binary data 8144.prm...

phpMyAdmin 3.x >= 3.3.1 / 4.x < 4.1.7 import.php XSS (PMASA-2014-1)

According to its self-identified version number, the phpMyAdmin install hosted on the remote web server is 3.x later than 3.3.1 or 4.x prior to 4.1.7. It is, therefore, affected by a cross-site scripting vulnerability because the 'import.php' script does not properly sanitize the filenames of...

MGASA-2014-0099 Updated phpseclib and phpmyadmin packages fix security vulnerability

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action CVE-2014-1879. This upgrade provides the latest phpmyadmin version 4.1.8 to address this vulnerabilit...

Updated phpseclib and phpmyadmin packages fix security vulnerability

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action CVE-2014-1879. This upgrade provides the latest phpmyadmin version 4.1.8 to address this vulnerabilit...

phpMyAdmin 'import.php'跨站脚本漏洞

BUGTRAQ ID: 65717 CVECAN ID: CVE-2014-1879 phpmyadmin是MySQL数据库的在线管理工具，主要功能包括在线创建数据表、运行SQL语句、搜索查询数据以及导入导出数据等。 攻击者可能会利用漏洞在受影响站点上下文的不知情用户浏览器中执行任意脚本代码。这可以允许攻击者窃取基于cookie的认证证书，并发动其他攻击。 0 phpMyAdmin phpMyAdmin 3.4.9 phpMyAdmin phpMyAdmin 3.4.8 phpMyAdmin phpMyAdmin 3.4.6 phpMyAdmin phpMyAdmin 3.4.3...

PHPMyAdmin Misconfiguration Remote Code Injection (CVE-2009-1151)

A Code Injection vulnerability has been reported in PhpMyAdmin. The vulnerability is due to misconfiguration of PhpMyAdmin server. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in attacker-controlled script...

Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:046)

A vulnerability has been discovered and corrected in phpmyadmin : Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action CVE-2014-1879. This upgrade provide...

CVE-2014-1879

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...

DEBIAN-CVE-2014-1879

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...

CVE-2014-1879

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...

Cross site scripting

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...

CVE-2014-1879

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...

UBUNTU-CVE-2014-1879

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...

CVE-2014-1879

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...

CVE-2014-1879

CVE-2014-1879 concerns phpMyAdmin prior to 4.1.7, where an XSS vulnerability exists in the import.php action. The issue arises from how a crafted filename in an import action is processed, enabling a remote authenticated user to inject arbitrary web script or HTML. The vulnerability affects phpMy...

CVE-2014-1879

Cross-site scripting XSS vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...

FreeBSD : phpMyAdmin -- Self-XSS due to unescaped HTML output in import. (0871d18b-9638-11e3-a371-6805ca0b3d42)

The phpMyAdmin development team reports : When importing a file with crafted filename, it is possible to trigger an XSS. We consider this vulnerability to be non critical. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...

Self-XSS due to unescaped HTML output in import.

PMASA-2014-1 Announcement-ID: PMASA-2014-1 Date: 2014-02-15 Summary Self-XSS due to unescaped HTML output in import. Description When importing a file with crafted filename, it is possible to trigger an XSS. Severity We consider this vulnerability to be non critical. Mitigation factor This...