CVE-2014-9218 – phpMyAdmin 4.0.x/4.1.x/4.2.x - Denial of Service
https://notcve.org/view.php?id=CVE-2014-9218
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.
References:
• https://www.exploit-db.com/exploits/35539
• http://www.debian.org/security/2015/dsa-3382
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:243
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
• http://www.securityfocus.com/bid/71434
• https://exchange.xforce.ibmcloud.com/vulnerabilities/99140
• https://github.com/phpmyadmin/phpmyadmin/commit/095729d81205f15f40d216d25917017da4c2fff8
• https://github.com/phpmyadmin/phpmyadmin/commit/1ac863c7573d12012374d5d41e5c7dc5505ea6e1
• https://github.com/phpmyadmin
CWE-399: Resource Management Errors
CVE-2014-9219
https://notcve.org/view.php?id=CVE-2014-9219
Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
References:
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:243
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
• https://exchange.xforce.ibmcloud.com/vulnerabilities/99137
• https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8958
https://notcve.org/view.php?id=CVE-2014-8958
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly handled during rendering of the home page.
References:
• http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html
• http://www.debian.org/security/2015/dsa-3382
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:228
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php
• http://www.securityfocus.com/bid/71243
• https://github.com/phpmyadmin/phpmyadmin/commit/1bc04ec95038f2356ad33752090001bf1c047208
• https://github.com/phpmyadmin/phpmyadmin/commit/2a3b7393d1d5a8ba0543699df94a08a0f5728fe0
• https://github.com/phpmyadmin/phpmyadmin/commit/2ffdbf2d7daa0b92541d8b754e2afac55
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8960
https://notcve.org/view.php?id=CVE-2014-8960
Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.
References:
• http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:228
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php
• http://www.securityfocus.com/bid/71244
• https://github.com/phpmyadmin/phpmyadmin/commit/9364e2eee5681681caf7205c0933bc18af11e233
• https://security.gentoo.org/glsa/201505-03
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8961
https://notcve.org/view.php?id=CVE-2014-8961
Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter.
References:
• http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:228
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php
• http://www.securityfocus.com/bid/71245
• https://github.com/phpmyadmin/phpmyadmin/commit/b99b6b6672ff2419f05b05740c80c7a23c1da994
• https://security.gentoo.org/glsa/201505-03
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')