CVE-2014-8960
https://notcve.org/view.php?id=CVE-2014-8960
Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. Vulnerabilidad de XSS en libraries/error_report.lib.php en la caracteristica de informe de errores en phpMyAdmin 4.1.x anterior a 4.1.14.7 y 4.2.x anterior a 4.2.12 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de fichero manipulado. • http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html http://www.mandriva.com/security/advisories?name=MDVSA-2014:228 http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php http://www.securityfocus.com/bid/71244 https://github.com/phpmyadmin/phpmyadmin/commit/9364e2eee5681681caf7205c0933bc18af11e233 https://security.gentoo.org/glsa/201505-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-8961
https://notcve.org/view.php?id=CVE-2014-8961
Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter. Vulnerabilidad de salto de directorio en libraries/error_report.lib.php en la caracteristica de informe de errores en phpMyAdmin 4.1.x anterior a 4.1.14.7 y 4.2.x anterior a 4.2.12 permite a usuarios remotos autenticados obtener información potencialmente sensible sobre el recuento de líneas de un fichero a través de un parámetro manipulado. • http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html http://www.mandriva.com/security/advisories?name=MDVSA-2014:228 http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php http://www.securityfocus.com/bid/71245 https://github.com/phpmyadmin/phpmyadmin/commit/b99b6b6672ff2419f05b05740c80c7a23c1da994 https://security.gentoo.org/glsa/201505-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2014-8326
https://notcve.org/view.php?id=CVE-2014-8326
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.0.x anterior a 4.0.10.5, 4.1.x anterior a 4.1.14.6, y 4.2.x anterior a 4.2.10.1 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre manipulado de (1) base de datos o (2) tabla, relacionado con el código libraries/DatabaseInterface.class.php para las salidas de purificación de SQL y el código js/server_status_monitor.js para la página del monitor de servidores. • http://lists.opensuse.org/opensuse-updates/2014-11/msg00004.html http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php http://www.securityfocus.com/bid/70731 https://github.com/phpmyadmin/phpmyadmin/commit/7b8962dede7631298c81e2c1cd267b81f1e08a8c https://github.com/phpmyadmin/phpmyadmin/commit/bd68c54d1beeef79d237e8bfda44690834012a76 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-7217
https://notcve.org/view.php?id=CVE-2014-7217
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.0.x anterior a 4.0.10.4, 4.1.x anterior a 4.1.14.5, y 4.2.x anterior a 4.2.9.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor ENUM manipulado que se maneja indebidamente durante la renderización de la página de (1) búsqueda de tablas o (2) estructura de tablas, relacionado con libraries/TableSearch.class.php y libraries/Util.class.php. • http://lists.opensuse.org/opensuse-updates/2014-10/msg00009.html http://secunia.com/advisories/61777 http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php http://www.securityfocus.com/bid/70252 https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448 https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-6300
https://notcve.org/view.php?id=CVE-2014-6300
Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js. Vulnerabilidad de XSS en la implementación micro history en phpMyAdmin 4.0.x anterior a 4.0.10.3, 4.1.x anterior a 4.1.14.4, y 4.2.x anterior a 4.2.8.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios , y como consecuencia realizar un ataque de CSRF para crear una cuenta root, a través de una URL manipulada, relacionado con js/ajax.js. • http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php http://www.securityfocus.com/bid/69790 https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac https://security.gentoo.org/glsa/201505-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •