10 matches found
Debian DLA-551-1 : phpmyadmin security update
Phpmyadmin, a web administration tool for MySQL, had several Cross Site Scripting XSS vulnerabilities were reported. CVE-2016-5731 With a specially crafted request, it is possible to trigger an XSS attack through the example OpenID authentication script. CVE-2016-5733 Several XSS vulnerabilities...
Fedora Update for phpMyAdmin FEDORA-2016-56ee5cb8b6
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated phpmyadmin packages fix security vulnerability
In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows a BBCode injection to setup script in case it's not accessed on https CVE-2016-5701. In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows an SQL injection attack to run arbitrary commands as the control...
phpMyAdmin Multiple Vulnerabilities (PMASA-2016-24, PMASA-2016-26, PMASA-2016-27, PMASA-2016-28) - Windows
phpMyAdmin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...
CVE-2016-5739
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy CSP protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication toke...
CVE-2016-5739
CVE-2016-5739 affects phpMyAdmin: Transformation feature vulnerability in 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3. Root cause is omission of no-referrer CSP, enabling CSRF token leakage via Referer header. Impact: potential exposure/read of authentication token enabl...
openSUSE Security Update : phpMyAdmin (openSUSE-2016-804)
phpMyAdmin was updated to version 4.4.15.7 to fix eight security issues. These security issues were fixed : - CVE-2016-5701: BBCode injection vulnerability boo986154 - CVE-2016-5703: SQL injection attack boo986154 - CVE-2016-5705: Multiple XSS vulnerabilities boo986154 - CVE-2016-5706: DOS attack...
Fedora Update for phpMyAdmin FEDORA-2016-81c2dabf20
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
phpmyadmin: multiple issues
CVE-2016-5702 cookie attribute injection A vulnerability was found where, under some circumstances, an attacker can inject arbitrary values in the browser cookies. Only affected when PHPSELF is not set. - CVE-2016-5703 SQL injection A vulnerability was discovered that allows an SQL injection...
Referrer leak in transformations
PMASA-2016-28 Announcement-ID: PMASA-2016-28 Date: 2016-06-23 Summary Referrer leak in transformations Description A vulnerability was reported where a specially crafted Transformation could be used to leak information including the authentication token. This could be used to direct a CSRF attack...