Debian Phpmyadmin vulnerabilities

270 known vulnerabilities affecting debian/phpmyadmin.

Total CVEs: 270
CISA KEV: 1 (actively exploited)
Public exploits: 41
Exploited in wild: 3
Severity breakdown: CRITICAL 18, HIGH 27, MEDIUM 95, LOW 130

Vulnerabilities

Page 7 of 14
CVE-2015-8669 | LOW | CVSS 5.3 | fixed in phpmyadmin 4:4.5.3.1-1 (bookworm) | 2015
CVE-2015-8669 [MEDIUM]: phpmyadmin - libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. Scope: local; bookworm: resolved (fixed in 4:4.5.3.1-1); bullseye: resolved (fixed in 4:4.5.3.1-1); forky: resolved (fix
debian
CVE-2015-6830 | LOW | CVSS 5.0 | PoC | fixed in phpmyadmin 4:4.4.14.1-1 (bookworm) | 2015
CVE-2015-6830 [MEDIUM]: phpmyadmin - libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha. Scope: local; bookworm: resolved (fixed in 4:4.4.14.1-1); bullseye: resolved (fi
debian
CVE-2015-3903 | LOW | CVSS 4.3 | fixed in phpmyadmin 4:4.4.6.1-1 (bookworm) | 2015
CVE-2015-3903 [MEDIUM]: phpmyadmin - libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Scope: local; bookworm: resolved (fixed i
debian
CVE-2014-8961 | MEDIUM | CVSS 4.0 | fixed in phpmyadmin 4:4.2.12-1 (bookworm) | 2014
CVE-2014-8961 [MEDIUM]: phpmyadmin - Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter. Scope: local; bookworm: resolved (fixed in 4:4.2.12-1); bullseye: resolved (fix
debian
CVE-2014-6300 | MEDIUM | CVSS 4.3 | fixed in phpmyadmin 4:4.2.8.1-1 (bookworm) | 2014
CVE-2014-6300 [MEDIUM]: phpmyadmin - Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js. Sco
debian
CVE-2014-8959 | MEDIUM | CVSS 6.5 | fixed in phpmyadmin 4:4.2.12-1 (bookworm) | 2014
CVE-2014-8959 [MEDIUM]: phpmyadmin - Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter. Scope: local; bookworm: resolved (fixed in 4:4.2.12-1); bullseye: resolved
debian
CVE-2014-9219 | MEDIUM | CVSS 4.3 | fixed in phpmyadmin 4:4.2.12-2 (bookworm) | 2014
CVE-2014-9219 [MEDIUM]: phpmyadmin - Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. Scope: local; bookworm: resolved (fixed in 4:4.2.12-2); bullseye: resolved (fixed in 4:4.2.12-2); forky: resolved (fixed in 4:4.2.12-2); sid: resolved (fixed in 4:4.2.1
debian
CVE-2014-4986 | LOW | CVSS 3.5 | fixed in phpmyadmin 4:4.2.6-1 (bookworm) | 2014
CVE-2014-4986 [LOW]: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message. Scope: local; b
debian
CVE-2014-8958 | LOW | CVSS 4.3 | fixed in phpmyadmin 4:4.2.12-1 (bookworm) | 2014
CVE-2014-8958 [MEDIUM]: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is
debian
CVE-2014-8326 | LOW | CVSS 3.5 | fixed in phpmyadmin 4:4.2.10.1-1 (bookworm) | 2014
CVE-2014-8326 [LOW]: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_mon
debian
CVE-2014-4955 | LOW | CVSS 3.5 | fixed in phpmyadmin 4:4.2.6-1 (bookworm) | 2014
CVE-2014-4955 [LOW]: phpmyadmin - Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page. Scope: local; b
debian
CVE-2014-9218 | LOW | CVSS 5.0 | PoC | fixed in phpmyadmin 4:4.2.12-2 (bookworm) | 2014
CVE-2014-9218 [MEDIUM]: phpmyadmin - libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password. Scope: local; bookworm: resolved (fixed in 4:4.2.12-2); bullseye: resolved (fixed in 4:4.2.12-2); forky: resolved (fixed in 4:4.2.12-2); sid: resolved (fixed in
debian
CVE-2014-1879 | LOW | CVSS 3.5 | fixed in phpmyadmin 4:4.1.7-1 (bookworm) | 2014
CVE-2014-1879 [LOW]: phpmyadmin - Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. Scope: local; bookworm: resolved (fixed in 4:4.1.7-1); bullseye: resolved (fixed in 4:4.1.7-1); forky: resolved (fixed in 4:4.1.7-1); sid: resolved (fixed in 4:4.1.7-1); trix
debian
CVE-2014-4954 | LOW | CVSS 3.5 | fixed in phpmyadmin 4:4.2.6-1 (bookworm) | 2014
CVE-2014-4954 [LOW]: phpmyadmin - Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page. Scope: local; bookworm: resolved (fixed in 4
debian
CVE-2014-7217 | LOW | CVSS 3.5 | fixed in phpmyadmin 4:4.2.9.1-1 (bookworm) | 2014
CVE-2014-7217 [LOW]: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.clas
debian
CVE-2014-8960 | LOW | CVSS 3.5 | fixed in phpmyadmin 4:4.2.12-1 (bookworm) | 2014
CVE-2014-8960 [LOW]: phpmyadmin - Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. Scope: local; bookworm: resolved (fixed in 4:4.2.12-1); bullseye: resolved (fixed in 4:4.2.12-1); forky: res
debian
CVE-2014-5273 | LOW | CVSS 3.5 | fixed in phpmyadmin 4:4.2.7.1-1 (bookworm) | 2014
CVE-2014-5273 [LOW]: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js
debian
CVE-2014-4987 | LOW | CVSS 4.0 | fixed in phpmyadmin 4:4.2.6-1 (bookworm) | 2014
CVE-2014-4987 [MEDIUM]: phpmyadmin - server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request. Scope: local; bookworm: resolved (fixed in 4:4.2.6-1); bullseye: resolved (fixed in 4:4.2.6-1); forky: resolved (fixed in 4:4.2.6-1); sid: resolved (fixed in 4:
debian
CVE-2014-4348 | LOW | CVSS 3.5 | fixed in phpmyadmin 4:4.2.5-1 (bookworm) | 2014
CVE-2014-4348 [LOW]: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables. Scope: local; bookworm: resolved (fixed in 4:4.2.5-1); bullseye: resolved
debian
CVE-2014-4349 | LOW | CVSS 3.5 | fixed in phpmyadmin 4:4.2.5-1 (bookworm) | 2014
CVE-2014-4349 [LOW]: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action. Scope: local; bookworm: resolved (fixed in 4:4.2.5-1); bullseye: resolved (fixed in 4:4.2.5-1); f
debian