CVE-2014-9219
https://notcve.org/view.php?id=CVE-2014-9219
Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:243
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
• https://exchange.xforce.ibmcloud.com/vulnerabilities/99137
• https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8958
https://notcve.org/view.php?id=CVE-2014-8958
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly handled during rendering of the home page.
• http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html
• http://www.debian.org/security/2015/dsa-3382
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:228
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php
• http://www.securityfocus.com/bid/71243
• https://github.com/phpmyadmin/phpmyadmin/commit/1bc04ec95038f2356ad33752090001bf1c047208
• https://github.com/phpmyadmin/phpmyadmin/commit/2a3b7393d1d5a8ba0543699df94a08a0f5728fe0
• https://github.com/phpmyadmin/phpmyadmin/commit/2ffdbf2d7daa0b92541d8b754e2afac55
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8959
https://notcve.org/view.php?id=CVE-2014-8959
Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter.
• http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:228
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php
• http://www.securityfocus.com/bid/71247
• https://github.com/phpmyadmin/phpmyadmin/commit/80cd40b6687a6717860d345d6eb55bef2908e961
• https://security.gentoo.org/glsa/201505-03
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-8960
https://notcve.org/view.php?id=CVE-2014-8960
Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.
• http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:228
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php
• http://www.securityfocus.com/bid/71244
• https://github.com/phpmyadmin/phpmyadmin/commit/9364e2eee5681681caf7205c0933bc18af11e233
• https://security.gentoo.org/glsa/201505-03
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8961
https://notcve.org/view.php?id=CVE-2014-8961
Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter.
• http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:228
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php
• http://www.securityfocus.com/bid/71245
• https://github.com/phpmyadmin/phpmyadmin/commit/b99b6b6672ff2419f05b05740c80c7a23c1da994
• https://security.gentoo.org/glsa/201505-03
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')