Page 24 of 265 results (0.013 seconds)

CVSS: 5.0EPSS: 20%CPEs: 53EXPL: 4

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password. libraries/common.inc.php en phpMyAdmin 4.0.x anterior a 4.0.10.7, 4.1.x anterior a 4.1.14.8, y 4.2.x anterior a 4.2.13.1 permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de una contraseña larga. • https://www.exploit-db.com/exploits/35539 http://www.debian.org/security/2015/dsa-3382 http://www.mandriva.com/security/advisories?name=MDVSA-2014:243 http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php http://www.securityfocus.com/bid/71434 https://exchange.xforce.ibmcloud.com/vulnerabilities/99140 https://github.com/phpmyadmin/phpmyadmin/commit/095729d81205f15f40d216d25917017da4c2fff8 https://github.com/phpmyadmin/phpmyadmin/commit/1ac863c7573d12012374d5d41e5c7dc5505ea6e1 https://github.com/phpmyadmin • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 1

Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. Vulnerabilidad de XSS en la caracteristica de redirección en url.php en phpMyAdmin 4.2.x anterior a 4.2.13.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro url. • http://www.mandriva.com/security/advisories?name=MDVSA-2014:243 http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php https://exchange.xforce.ibmcloud.com/vulnerabilities/99137 https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 53EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly handled during rendering of the home page. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.0.x anterior a 4.0.10.6, 4.1.x anterior a 4.1.14.7, y 4.2.x anterior a 4.2.12 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de (1) una base de datos manipulada, (2) una tabla manipulada o (3) un nombre de columna manipulado que se maneja indebidamente durante el renderazación de la página del navegador de tablas; un valor ENUM manipulado que se maneja indebidamente durante la renderización de (4) la visualización de la impresión de tablas o (5) la página de búsqueda del zoom; o (6) una cookie pma_fontsize manipulada que se maneja indebidamente durante la renderización de la página de inicio. • http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html http://www.debian.org/security/2015/dsa-3382 http://www.mandriva.com/security/advisories?name=MDVSA-2014:228 http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php http://www.securityfocus.com/bid/71243 https://github.com/phpmyadmin/phpmyadmin/commit/1bc04ec95038f2356ad33752090001bf1c047208 https://github.com/phpmyadmin/phpmyadmin/commit/2a3b7393d1d5a8ba0543699df94a08a0f5728fe0 https://github.com/phpmyadmin/phpmyadmin/commit/2ffdbf2d7daa0b92541d8b754e2afac55 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 1%CPEs: 59EXPL: 1

Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter. Vulnerabilidad de salto de directorio en libraries/gis/GIS_Factory.class.php en el editor GIS en phpMyAdmin 4.0.x anterior a 4.0.10.6, 4.1.x anterior a 4.1.14.7, y 4.2.x anterior a 4.2.12 permite a usuarios remotos autenticados incluir y ejecutar ficheros locales arbitrarios a través de un parámetro del tipo 'geometría' manipulado. • http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html http://www.mandriva.com/security/advisories?name=MDVSA-2014:228 http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php http://www.securityfocus.com/bid/71247 https://github.com/phpmyadmin/phpmyadmin/commit/80cd40b6687a6717860d345d6eb55bef2908e961 https://security.gentoo.org/glsa/201505-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 3.5EPSS: 0%CPEs: 35EXPL: 1

Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. Vulnerabilidad de XSS en libraries/error_report.lib.php en la caracteristica de informe de errores en phpMyAdmin 4.1.x anterior a 4.1.14.7 y 4.2.x anterior a 4.2.12 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de fichero manipulado. • http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html http://www.mandriva.com/security/advisories?name=MDVSA-2014:228 http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php http://www.securityfocus.com/bid/71244 https://github.com/phpmyadmin/phpmyadmin/commit/9364e2eee5681681caf7205c0933bc18af11e233 https://security.gentoo.org/glsa/201505-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •