113 matches found
DEBIAN-CVE-2016-6606
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...
CVE-2016-6606
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...
CVE-2016-6606
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...
CVE-2016-6606
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...
CVE-2016-9847
An issue was discovered in phpMyAdmin. When the user does not specify a blowfishsecret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's...
Default credentials
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...
UBUNTU-CVE-2016-6606
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...
CVE-2016-6606
phpMyAdmin is affected by CVE-2016-6606 due to a padding oracle vulnerability in cookie-based encryption that could allow an attacker with access to a user’s browser cookie to decrypt the stored username and password. The issue also stems from reusing the same IV to hash the username and password...
CVE-2016-6606
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...
CVE-2016-6606
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...
MGASA-2016-0416 Updated phpmyadmin packages fix security vulnerability
In phpMyAdmin before 4.4.15.9, when the user does not specify a blowfishsecret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created using a weak algorithm. This could allow an attacker to determine the user's...
Updated phpmyadmin packages fix security vulnerability
In phpMyAdmin before 4.4.15.9, when the user does not specify a blowfishsecret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created using a weak algorithm. This could allow an attacker to determine the user's...
CVE-2016-0883
Pivotal Cloud Foundry PCF Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation...
CVE-2016-0883
Pivotal Cloud Foundry PCF Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation...
CVE-2016-0883
CVE-2016-0883 affects Pivotal Cloud Foundry Ops Manager prior to 1.5.14 and 1.6.x prior to 1.6.9. The issue is that the same cookie-encryption key was used across different customers’ installations, enabling remote attackers to bypass session authentication by leveraging knowledge of the key from...
FreeBSD : phpmyadmin -- multiple vulnerabilities (ef70b201-645d-11e6-9cdc-6805ca0b3d42)
The phpmyadmin development team reports : Weakness with cookie encryption Multiple XSS vulnerabilities Multiple XSS vulnerabilities PHP code injection Full path disclosure SQL injection attack Local file exposure Local file exposure through symlinks with UploadDir Path traversal with SaveDir and...
phpmyadmin -- multiple vulnerabilities
The phpmyadmin development team reports: Weakness with cookie encryption Multiple XSS vulnerabilities Multiple XSS vulnerabilities PHP code injection Full path disclosure SQL injection attack Local file exposure Local file exposure through symlinks with UploadDir Path traversal with SaveDir and...
Weakness with cookie encryption
PMASA-2016-29 Announcement-ID: PMASA-2016-29 Date: 2016-07-07 Summary Weakness with cookie encryption Description A pair of vulnerabilities were found affecting the way cookies are stored. The decryption of the username/password is vulnerable to a padding oracle attack. The can allow an attacker...
YXcmsApp v1.2.7 暴力sql注入。
简要描述: rt 详细说明: YXcmsApp 的cookie的加密用的都是dz的那个函数, 看看密钥是怎么来的 protected/apps/install/controller/indexController.php $this-randomcode= substrmd5time, 0, 6; 唔。才6位,那么就很好破解了,poc见测试代码 注册用户,抓包获取cookie yxaut的值, 利用poc得到key后,我们就能根据他的加密函数控制cookie了。 function cpencode$data,$key='',$expire = 0...
Fedora 20 : phpMyAdmin-4.2.6-1.fc20 (2014-8581)
phpMyAdmin 4.2.6.0 2014-07-17 =============================== - Undefined index warning with referenced column. - $cfg'MaxExactCount' is ignored when BROWSING is back - Multi Column sorting improved user experience - Server validation does not work while in setup/mysqli - Undefined variable when...