diff options
| author | matthew <matthew@FreeBSD.org> | 2014-07-18 15:02:34 +0800 |
|---|---|---|
| committer | matthew <matthew@FreeBSD.org> | 2014-07-18 15:02:34 +0800 |
| commit | ae807ef83f3b31339c44fbe86e936ef7a70d698b (patch) | |
| tree | afbaf40e047785414eb2519c6059389e619a65ed /security | |
| parent | 68a0a47aacd4766ca95e634fda41f786bc8d3375 (diff) | |
| download | freebsd-ports-gnome-ae807ef83f3b31339c44fbe86e936ef7a70d698b.tar.gz freebsd-ports-gnome-ae807ef83f3b31339c44fbe86e936ef7a70d698b.tar.zst freebsd-ports-gnome-ae807ef83f3b31339c44fbe86e936ef7a70d698b.zip | |
Yet another tranche of phpMyAdmin security alerts. In typical style
there has been a software release with warnings that it contains
security fixes, but the Security Advisories are not yet available and
CVE numbers have not yet been published.
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 5f2196eb593f..951cc72e5d06 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -57,6 +57,43 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="3f09ca29-0e48-11e4-b17a-6805ca0b3d42"> + <topic>phpMyAdmin -- multiple XSS vulnerabilities, missing validation</topic> + <affects> + <package> + <name>phpMyAdmin</name> + <range><ge>4.2.0</ge><lt>4.2.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The phpMyAdmin development team reports:</p> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php"> + <p>XSS injection due to unescaped table comment.</p> + </blockquote> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php"> + <p>XSS injection due to unescaped table name (triggers).</p> + </blockquote> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php"> + <p>XSS in AJAX confirmation messages.</p> + </blockquote> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php"> + <p>Missing validation for accessing User groups feature.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php</url> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php</url> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php</url> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php</url> + </references> + <dates> + <discovery>2014-07-18</discovery> + <entry>2014-07-18</entry> + </dates> + </vuln> + <vuln vid="3718833e-0d27-11e4-89db-000c6e25e3e9"> <topic>chromium -- multiple vulnerabilities</topic> <affects> |