Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : phpMyAdmin vulnerabilities (USN-4843-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4843-1 advisory. Javier Nieto and Andres Rojas discovered that phpMyAdmin incorrectly managed input in the form of passwords. An attacker could us...

Debian: Security Advisory (DLA-757-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9849. Reason: This candidate is a reservation duplicate of CVE-2016-9849. Notes: All CVE users should reference CVE-2016-9849 instead of this candidate. All references and descriptions in this candidate have been removed to...

CVE-2016-1000362

CVE-2016-1000362 is rejected/not used and does not represent an active vulnerability entry.

phpMyAdmin Multiple Security Vulnerabilities - 04 (Dec 2016) - Linux

phpMyAdmin is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...

[SECURITY] [DLA 757-1] phpmyadmin security update

Package : phpmyadmin Version : 4:3.4.11.1-2+deb7u7 CVE ID : CVE-2016-4412 CVE-2016-6626 CVE-2016-9849 CVE-2016-9850 CVE-2016-9861 CVE-2016-9864 CVE-2016-9865 Various security issues where found and fixed in phpmyadmin in wheezy. CVE-2016-4412 / PMASA-2016-57 A user can be tricked in following a...

DLA-757-1 phpmyadmin - security update

Bulletin has no description...

CVE-2016-9849

CVE-2016-9849 affects phpMyAdmin; the vulnerability lets an attacker bypass the AllowRoot restriction and deny rules for usernames by injecting a null byte into the username. Affected are all 4.6.x versions prior to 4.6.5, 4.4.x prior to 4.4.15.9, and 4.0.x prior to 4.0.10.18. Exploitation could ...

CVE-2016-9849

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction $cfg'Servers'$i'AllowRoot' and deny rules for username by using Null Byte in the username. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

Username deny rules bypass (AllowRoot & Others) by using Null Byte

PMASA-2016-60 Announcement-ID: PMASA-2016-60 Date: 2016-11-25 Updated: 2016-12-06 Summary Username deny rules bypass AllowRoot & Others by using Null Byte Description It is possible to bypass AllowRoot restriction $cfg'Servers'$i'AllowRoot' and deny rules for username by using Null Byte in the...