
4647 matches found

CVE
added 2015/05/26 3:0 p.m., 79 views

CVE-2015-3902

CVE-2015-3902 is a CSRF/XSRF vulnerability in the phpMyAdmin setup process. The issue affects phpMyAdmin releases up to 4.0.x < 4.0.10.10, 4.2.x < 4.2.13.3, 4.3.x < 4.3.13.1, and 4.4.x

CVSS: 6.8, AI score: 7, EPSS: 0.00217
Exploits: 0, References: 6, Affected Software: 1

Debian CVE
added 2015/05/26 3:0 p.m., 31 views

CVE-2015-3902

Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...

CVSS: 6.8, AI score: 6.8, EPSS: 0.00217
Exploits: 0

Tenable Nessus
added 2015/05/20 12:0 a.m., 45 views

phpMyAdmin 4.0.x < 4.0.10.10 / 4.2.x < 4.2.13.3 / 4.3.x < 4.3.13.1 / 4.4.x < 4.4.6.1 Multiple Vulnerabilities (PMASA-2015-2, PMASA-2015-3) (deprecated)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.10, 4.2.x prior to 4.2.13.3, 4.3.x prior to 4.3.13.1, or 4.4.x prior to 4.4.6.1. It is, therefore, potentially affected by multiple vulnerabilities: - An attacker cou...

AI score: 6.4, EPSS: 0.01171
Exploits: 1, References: 12

Mageia
added 2015/05/18 7:8 p.m., 41 views

Updated phpmyadmin packages fix security vulnerabilities

Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.2.13.3, by deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup (CVE-2015-3902). In phpMyAdmin before 4.2.13.3, a vulnerability in the API ca...

CVSS: 6.8, AI score: 6.2, EPSS: 0.01171
Exploits: 1, References: 4

Tenable Nessus
added 2015/05/14 12:0 a.m., 28 views

FreeBSD : phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities (c6e31869-f99f-11e4-9f91-6805ca0b3d42)

The phpMyAdmin development team reports : XSRF/CSRF vulnerability in phpMyAdmin setup. By deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup. This vulnerability only affects the configuration file generation process and...

CVSS: 6.8, AI score: 8, EPSS: 0.01171
Exploits: 1, References: 5

FreeBSD
added 2015/05/13 12:0 a.m., 50 views

phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities

The phpMyAdmin development team reports: XSRF/CSRF vulnerability in phpMyAdmin setup. By deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup. This vulnerability only affects the configuration file generation process and...

AI score: 6.1
Exploits: 0, References: 2

phpMyAdmin
added 2015/05/13 12:0 a.m., 38 views

XSRF/CSRF vulnerability in phpMyAdmin setup.

PMASA-2015-2. Announcement-ID: PMASA-2015-2. Date: 2015-05-13. Summary: XSRF/CSRF vulnerability in phpMyAdmin setup. Description: By deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup. Severity: We consider this vulnerability...

CVSS: 6.8, AI score: 7.2, EPSS: 0.00217
Exploits: 0, Affected Software: 1

NVD
added 2015/05/01 3:59 p.m., 13 views

CVE-2015-3446

The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg)...

CVSS: 9.3, AI score: 7.4, EPSS: 0.01472
Exploits: 0, References: 3

Prion
added 2015/05/01 3:59 p.m., 13 views

Code injection

The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg)...

CVSS: 9.3, AI score: 7.9, EPSS: 0.01472
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2015/05/01 3:0 p.m., 18 views

CVE-2015-3446

The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg)...

AI score: 7.4, EPSS: 0.01472
Exploits: 0, References: 3

CNVD
added 2015/04/29 12:0 a.m., 0 views

Unspecified Vulnerability in Apple OS X Server Firewall Component

Apple OS X Server is a set of Unix-based server operating software from the U.S. company Apple. The software enables file sharing, meeting scheduling, web hosting, network remote access, etc. Firewall is one of the firewall components. A security vulnerability exists in the Firewall compone...

CVSS: 5, AI score: 6.5, EPSS: 0.00257
Exploits: 0, References: 1

Tenable Nessus
added 2015/04/22 12:0 a.m., 33 views

OracleVM 3.3 : glibc (OVMSA-2015-0055)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fix invalid file descriptor reuse while sending DNS query (1207995, CVE-2013-7423). - Fix buffer overflow in gethostbyname_r with misaligned buffer (1209375, CVE-2015-1781). - Enhance nscd to detect any...

CVSS: 6.8, AI score: 7.8, EPSS: 0.04751
Exploits: 2, References: 3

Oracle linux
added 2015/04/21 12:0 a.m., 40 views

glibc security and bug fix update

2.12-1.149.7 - Fix invalid file descriptor reuse while sending DNS query (1207995, CVE-2013-7423). - Fix buffer overflow in gethostbyname_r with misaligned buffer (1209375, CVE-2015-1781). 2.12-1.149.6 - Enhance nscd to detect any configuration file changes (1194149)...

CVSS: 6.8, AI score: 2.1, EPSS: 0.04751
Exploits: 2

ATTACKERKB
added 2015/04/03 10:59 a.m., 1 views

CVE-2014-8390

Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file...

CVSS: 4.4, AI score: 5.7, EPSS: 0.00163
Exploits: 1, References: 6

OSV
added 2015/03/30 10:59 a.m., 1 views

UBUNTU-CVE-2013-6501

The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl...

CVSS: 4.6, AI score: 6.8, EPSS: 0.00052
Exploits: 0, References: 3

NVD
added 2015/03/29 10:59 a.m., 12 views

CVE-2015-0999

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file...

CVSS: 2.1, AI score: 5.7, EPSS: 0.00062
Exploits: 0, References: 3

Prion
added 2015/03/29 10:59 a.m., 12 views

Design/Logic Flaw

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file...

CVSS: 2.1, AI score: 6.2, EPSS: 0.00062
Exploits: 0, References: 3, Affected Software: 2

Cvelist
added 2015/03/29 10:0 a.m., 13 views

CVE-2015-0999

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file...

AI score: 5.6, EPSS: 0.00062
Exploits: 0, References: 3

CVE
added 2015/03/29 10:0 a.m., 59 views

CVE-2015-0999

The CVE-2015-0999 issue affects Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4, where OPC User credentials are stored in cleartext in configuration files. This enables local attackers with access to read the files to o...

CVSS: 2.1, AI score: 5.8, EPSS: 0.00062
Exploits: 0, References: 3, Affected Software: 2

Prion
added 2015/03/26 2:59 p.m., 10 views

Information disclosure

Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file...

CVSS: 5, AI score: 6.6, EPSS: 0.00305
Exploits: 1, References: 5, Affected Software: 4