
CVE-2014-9218 – phpMyAdmin 4.0.x/4.1.x/4.2.x - Denial of Service
https://notcve.org/view.php?id=CVE-2014-9218
08 Dec 2014 — libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password. Multiple vulnerabilities have been discovered and corrected in lib... • https://www.exploit-db.com/exploits/35539 • CWE-399: Resource Management Errors •

CVE-2014-8959 – Mandriva Linux Security Advisory 2014-228
https://notcve.org/view.php?id=CVE-2014-8959
26 Nov 2014 — Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter. • http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2014-8958 – Mandriva Linux Security Advisory 2014-228
https://notcve.org/view.php?id=CVE-2014-8958
26 Nov 2014 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly ha... • http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-8326 – Mandriva Linux Security Advisory 2014-208
https://notcve.org/view.php?id=CVE-2014-8326
24 Oct 2014 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page. • http://lists.opensuse.org/opensuse-updates/2014-11/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-7217 – Mandriva Linux Security Advisory 2014-194
https://notcve.org/view.php?id=CVE-2014-7217
03 Oct 2014 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php. • http://lists.opensuse.org/opensuse-updates/2014-10/msg00009.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-6300 – Mandriva Linux Security Advisory 2014-183
https://notcve.org/view.php?id=CVE-2014-6300
25 Sep 2014 — Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js. • http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-5273 – Mandriva Linux Security Advisory 2014-164
https://notcve.org/view.php?id=CVE-2014-5273
22 Aug 2014 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php. • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-4986 – Mandriva Linux Security Advisory 2014-143
https://notcve.org/view.php?id=CVE-2014-4986
20 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message. • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-4955 – Mandriva Linux Security Advisory 2014-143
https://notcve.org/view.php?id=CVE-2014-4955
20 Jul 2014 — Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page. • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-1879 – Debian Security Advisory 2975-1
https://notcve.org/view.php?id=CVE-2014-1879
20 Feb 2014 — Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. Cross-site scripting vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticat... • http://lists.opensuse.org/opensuse-updates/2014-03/msg00017.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •