CVE-2019-19968

PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content...

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. 'Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : phpMyAdmin vulnerabilities (USN-4843-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4843-1 advisory. Javier Nieto and Andres Rojas discovered that phpMyAdmin incorrectly managed input in the form of passwords. An attacker could us...

USN-4639-1: phpMyAdmin vulnerabilities

It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpmyAdmin to leak sensitive files. CVE-2018-19968 It was discovered that phpMyAdmin incorrectly handled user input. An...

CVE-2019-19968

PandoraFMS 742 is affected by multiple stored XSS vulnerabilities in the Agent Management, Report Builder, and Graph Builder components. The root cause, as described across sources, is inadequate validation/sanitation of client data stored by the web application, which is later read and echoed in...

openSUSE Security Update : phpMyAdmin (openSUSE-2019-1009)

This update for phpMyAdmin fixes security issues and bugs. Security issues addressed in the 4.8.4 release bsc1119245 : - CVE-2018-19968: Local file inclusion through transformation feature - CVE-2018-19969: XSRF/CSRF vulnerability - CVE-2018-19970: XSS vulnerability in navigation tree This update...

PhpMyAdmin tbl_replace.php Local File Inclusion (CVE-2018-19968)

A local file inclusion vulnerability exists in phpMyAdmin. The vulnerability is due to improper sanitization of a column in the column info table. A remote, authenticated attacker could exploit this vulnerability by sending a request with crafted SQL statements to the target server. Successful...

[SECURITY] [DLA 1658-1] phpmyadmin security update

Package : phpmyadmin Version : 4:4.2.12-2+deb8u4 CVE ID : CVE-2018-19968 CVE-2018-19970 A couple of vulnerabilities have been discovered in phpmyadmin, MySQL web administration tool. CVE-2018-19968 An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an...

openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2018:4124-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2018:4124-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for phpMyAdmin (moderate)

This update for phpMyAdmin fixes security issues and bugs. Security issues addressed in the 4.8.4 release bsc1119245: - CVE-2018-19968: Local file inclusion through transformation feature - CVE-2018-19969: XSRF/CSRF vulnerability - CVE-2018-19970: XSS vulnerability in navigation tree This update...

phpMyAdmin 4.x < 4.8.4 Multiple Vulnerabilities (PMASA-2018-6, PMASA-2018-8) - Windows

phpMyAdmin is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-19968

CVE-2018-19968 affects phpMyAdmin prior to 4.8.4. An attacker can leak the contents of a local file due to an error in the transformation feature. Exploitation requires access to the phpMyAdmin Configuration Storage tables (which can be created by the attacker in any database they can access) and...

CVE-2018-19968

creationtimestamp| type| source ---|---|--- 2018-12-11 16:14:19+00:00| seen| https://t.me/thehackernews/151...

phpMyAdmin 4.x < 4.8.4 Multiple Vulnerabilities (PMASA-2018-6) (PMASA-2018-8)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.x prior to 4.8.4. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability exists in the transformation feature. An authenticated, remote attacker c...

Local file inclusion through transformation feature

PMASA-2018-6 Announcement-ID: PMASA-2018-6 Date: 2018-12-07 Summary Local file inclusion through transformation feature Description A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration...

WM-News 0.5 - print.php Local File Inclusion

WM-News 0.5 - print.php Local File Inclusion source: https://www.securityfocus.com/bid/19968/info WM-News is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application and th...