rpm package
opensuse/phpMyAdmin&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Tumbleweed
Vulnerabilities (163)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-8960 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Nov 30, 2014 | Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. |
| CVE-2014-8959 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Nov 30, 2014 | Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-typ |
| CVE-2014-8958 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Nov 30, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improp |
| CVE-2014-6300 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Nov 8, 2014 | Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery |
| CVE-2014-8326 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Nov 5, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libr |
| CVE-2014-7217 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Oct 3, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of |
| CVE-2014-5274 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Aug 22, 2014 | Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js. |
| CVE-2014-5273 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Aug 22, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor pa |
| CVE-2014-4987 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Jul 20, 2014 | server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request. |
| CVE-2014-4986 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Jul 20, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that i |
| CVE-2014-4955 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Jul 20, 2014 | Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a craft |
| CVE-2014-4954 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Jul 20, 2014 | Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled durin |
| CVE-2014-4349 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Jun 25, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action. |
| CVE-2014-4348 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Jun 25, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) |
| CVE-2014-1879 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Feb 20, 2014 | Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. |
| CVE-2013-5029 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Aug 19, 2013 | phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. |
| CVE-2013-5003 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Jul 31, 2013 | Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php. |
| CVE-2013-5002 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Jul 31, 2013 | Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php. |
| CVE-2013-5001 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Jul 31, 2013 | Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a T |
| CVE-2013-5000 | — | | | < 4.6.5.2-1.1 | 4.6.5.2-1.1 | Jul 31, 2013 | phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files. |