CVE-2014-4987
https://notcve.org/view.php?id=CVE-2014-4987
server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.
• http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html
• http://secunia.com/advisories/60397
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php
• http://www.securityfocus.com/bid/68804
• https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5
• https://security.gentoo.org/glsa/201505-03
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-4349
https://notcve.org/view.php?id=CVE-2014-4349
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.
• http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html
• http://phpmyadmin.net/home_page/security/PMASA-2014-3.php
• http://secunia.com/advisories/60397
• http://www.securityfocus.com/bid/68205
• https://github.com/phpmyadmin/phpmyadmin/commit/d4f754c937f9e2c0beadff5b2e38215dde1d6a79
• https://github.com/phpmyadmin/phpmyadmin/commit/daa98d0c7ed24b529dc5df0d5905873acd0b00be
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-4348
https://notcve.org/view.php?id=CVE-2014-4348
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables.
• http://phpmyadmin.net/home_page/security/PMASA-2014-2.php
• http://www.securityfocus.com/bid/68201
• https://github.com/phpmyadmin/phpmyadmin/commit/cb7c703c03f656debcea2a16468bd53660fc888e
• https://github.com/phpmyadmin/phpmyadmin/commit/d18a2dd9faad7e0e96df799b59e16ef587afb838
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-1879
https://notcve.org/view.php?id=CVE-2014-1879
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.
• http://lists.opensuse.org/opensuse-updates/2014-03/msg00017.html
• http://secunia.com/advisories/59832
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php
• http://www.securityfocus.com/bid/65717
• https://github.com/phpmyadmin/phpmyadmin/commit/968d5d5f486820bfa30af046f063b9f23304e14a
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4462 – Portable phpMyAdmin <= 1.5.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-4462
The WordPress Portable phpMyAdmin plugin, version 1.5.0 and below, has an authentication bypass vulnerability.
• http://www.openwall.com/lists/oss-security/2013/10/24/1
• http://www.securityfocus.com/bid/63249
• CWE-287: Improper Authentication