CVE-2014-4955
https://notcve.org/view.php?id=CVE-2014-4955
Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page.
• http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html
• http://secunia.com/advisories/60397
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php
• http://www.securityfocus.com/bid/68799
• https://github.com/phpmyadmin/phpmyadmin/commit/10014d4dc596b9e3a491bf04f3e708cf1887d5e1
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-4986
https://notcve.org/view.php?id=CVE-2014-4986
Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message.
• http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html
• http://secunia.com/advisories/60397
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php
• http://www.securityfocus.com/bid/68803
• https://github.com/phpmyadmin/phpmyadmin/commit/29a1f56495a7d1d98da31a614f23c0819a606a4d
• https://security.gentoo.org/glsa/201505-03
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-4987
https://notcve.org/view.php?id=CVE-2014-4987
server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.
• http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html
• http://secunia.com/advisories/60397
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php
• http://www.securityfocus.com/bid/68804
• https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5
• https://security.gentoo.org/glsa/201505-03
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-4349
https://notcve.org/view.php?id=CVE-2014-4349
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.
• http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html
• http://phpmyadmin.net/home_page/security/PMASA-2014-3.php
• http://secunia.com/advisories/60397
• http://www.securityfocus.com/bid/68205
• https://github.com/phpmyadmin/phpmyadmin/commit/d4f754c937f9e2c0beadff5b2e38215dde1d6a79
• https://github.com/phpmyadmin/phpmyadmin/commit/daa98d0c7ed24b529dc5df0d5905873acd0b00be
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-4348
https://notcve.org/view.php?id=CVE-2014-4348
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables.
• http://phpmyadmin.net/home_page/security/PMASA-2014-2.php
• http://www.securityfocus.com/bid/68201
• https://github.com/phpmyadmin/phpmyadmin/commit/cb7c703c03f656debcea2a16468bd53660fc888e
• https://github.com/phpmyadmin/phpmyadmin/commit/d18a2dd9faad7e0e96df799b59e16ef587afb838
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')