Linux Distros Unpatched Vulnerability : CVE-2016-6626

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to...

Linux Distros Unpatched Vulnerability : CVE-2016-6615

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature a specially-crafted database name can be used to trigg...

SUSE CVE-2016-6616

An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions prior to 4.6.4 and 4.4.x versions prior to 4.4.15.8 are affected...

phpMyAdmin SQL Injection Vulnerability (CNVD-2016-13238)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A SQL injection vulnerability exists in phpMyAdmin versions 4.6.x prior to 4.6.4 and 4.4.x prior to 4.4.15.8. The vulnerability can be exploited to execute arbitrary SQL injection commands via the Use...

CVE-2016-6615

XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature a specially-crafted database name can be used to trigger an XSS attack; the "Tracking" feature a specially-crafted query can be used to trigger an XSS attack; and GIS visualization feature. Al...

openSUSE Security Update : phpMyAdmin (openSUSE-2016-1027)

This phpMyAdmin update to version 4.4.15.8 fixes the following issues : Security issues fixed : - Improve session cookie code for openid.php and signon.php example files - Full path disclosure in openid.php and signon.php example files - Unsafe generation of BlowfishSecret when not supplied by th...

Security update for phpMyAdmin (important)

phpMyAdmin was updated to version 4.4.15.8 2016-08-16 to fix the following issues: - Upstream changelog for 4.4.15.8: Improve session cookie code for openid.php and signon.php example files Full path disclosure in openid.php and signon.php example files Unsafe generation of BlowfishSecret when no...

DOS attack with forced persistent connections

PMASA-2016-45 Announcement-ID: PMASA-2016-45 Date: 2016-07-21 Summary DOS attack with forced persistent connections Description A vulnerability was discovered where an unauthenticated user is able to execute a denial-of-service DOS attack by forcing persistent connections when phpMyAdmin is runni...

Local file exposure

PMASA-2016-35 Announcement-ID: PMASA-2016-35 Date: 2016-07-12 Summary Local file exposure Description A vulnerability was discovered where a user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. Severity We consider this vulnerability to be...