7 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-4412
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another...
PT-2023-6128 · Wireshark +4 · Wireshark +4
Name of the Vulnerable Software and Affected Versions: Wireshark versions 3.6.0 through 3.6.16 Wireshark versions 4.0.0 through 4.0.8 Description: The issue is related to a memory leak in the RTPS dissector of Wireshark, which can be exploited to cause a denial of service. This can be achieved vi...
GHSA-JVXX-8XXF-5495 phpMyAdmin CSRF Vulnerability
An issue was discovered in phpMyAdmin. When the argseparator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to...
Race condition
An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are...
CVE-2016-6606
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...
CVE-2016-9848
An issue was discovered in phpMyAdmin. phpinfo phpinfo.php shows PHP information including values of HttpOnly cookies. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
CVE-2016-9856
An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are...