Lucene search

481 matches found

Tenable Nessus
added 2016/12/08 12:0 a.m. | 48 views

Fedora 23 : phpMyAdmin (2016-7fc142da66)

phpMyAdmin 4.6.5.1 (2016-11-26)

A patch-level release fixing two small issues:
- an issue affecting a small number of users using $cfg['Servers'][$i]['hide_db'] or $cfg['Servers'][$i]['only_db'].
- an issue affecting the create table dialog where the partition selection tool was...

CVSS 4.4 | AI score 5.7 | EPSS 0.0024
Exploits 0 | References 2

Tenable Nessus
added 2016/12/06 12:0 a.m. | 18 views

openSUSE Security Update : phpMyAdmin (openSUSE-2016-1406)

This update to phpMyAdmin 4.4.15.9 fixes security issues and bugs. The following security issues were fixed:
- Unsafe generation of $cfg['blowfish_secret'] (PMASA-2016-58)
- phpMyAdmin's phpinfo functionality is removed (PMASA-2016-59)
- AllowRoot and allow/deny rule bypass with specially crafted...

AI score 5.8
Exploits 0 | References 1

Tenable Nessus
added 2016/12/05 12:0 a.m. | 42 views

Fedora 25 : phpMyAdmin (2016-6576a8536b)

phpMyAdmin 4.6.5.1 (2016-11-26)

A patch-level release fixing two small issues:
- an issue affecting a small number of users using $cfg['Servers'][$i]['hide_db'] or $cfg['Servers'][$i]['only_db'].
- an issue affecting the create table dialog where the partition selection tool was...

CVSS 4.4 | AI score 5.7 | EPSS 0.0024
Exploits 0 | References 2

BDU FSTEC
added 2016/07/05 12:0 a.m. | 2 views

The vulnerability of the PostgreSQL database management system allows a malicious individual to cause service failures or obtain confidential information.

The PostgreSQL database management system versions 9.2.x up to 9.2.3, 9.1.x up to 9.1.8, 9.0.x up to 9.0.12, 8.4.x up to 8.4.16, and 8.3.x up to 8.3.23 incorrectly handle the enumrecv function in the backend/utils/adt/enum.c interface. This allows authorized users to trigger server failures or...

CVSS 6.8 | AI score 7.8 | EPSS 0.03659
Exploits 0 | References 2 | Affected Software 1

exploitpack
added 2016/06/10 12:0 a.m. | 13 views

Apple Mac OSX Kernel - Out-of-Bounds Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=774 The IOHIDFamily function IOHIDDevice::handleReportWithTime takes an attacker-controlled, unchecked IOHIDReportType...

AI score 7.2
Exploits 0

Exploit DB
added 2016/06/10 12:0 a.m. | 23 views

Apple Mac OSX Kernel - Out-of-Bounds Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=774 The IOHIDFamily function IOHIDDevice::handleReportWithTime takes an attacker-controlled, unchecked IOHIDReportType enum, which was cast from an int in either IOHIDLibUserClient::setReport or getReport: ret =...

AI score 7.4
Exploits 0

CVE
added 2016/05/20 10:0 a.m. | 50 views

CVE-2016-1823

CVE-2016-1823 affects Apple iOS 9.3.2 and OS X 10.11.5 (as well as tvOS 9.2.1 and watchOS 2.2.1) via IOHIDDevice::handleReportWithTime. A crafted IOHIDReportType enum can trigger an incorrect cast, causing out-of-bounds read and memory corruption, enabling an attacker to execute arbitrary code in...

CVSS 9.3 | AI score 7.6 | EPSS 0.04179
Exploits 2 | References 13 | Affected Software 1

Amazon
added 2016/03/22 12:0 a.m. | 57 views

Low: nmap

Issue Overview: The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload arbitrarily named files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences. Affected Packages:...

CVSS 6.8 | AI score 6.9 | EPSS 0.06429
Exploits 2

Nmap
added 2015/10/03 6:7 a.m. | 2969 views

smb-vuln-regsvc-dos NSE Script

Checks if a Microsoft Windows 2000 system is vulnerable to a crash in regsvc caused by a null pointer dereference. This check will crash the service if it is vulnerable and requires a guest account or higher to work. The vulnerability was discovered by Ron Bowes while working on smb-enum-sessions...

CVSS 10 | AI score 9 | EPSS 0.94176
Exploits 33

UbuntuCve
added 2014/11/30 11:59 a.m. | 47 views

CVE-2014-8958

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during...

CVSS 4.3 | AI score 7.2 | EPSS 0.00604
Exploits 0 | References 2

OSV
added 2014/11/30 11:59 a.m. | 1 views

DEBIAN-CVE-2014-8958

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during...

CVSS 4.3 | AI score 7.9 | EPSS 0.00604
Exploits 0 | References 1

OSV
added 2014/11/30 11:59 a.m. | 1 views

UBUNTU-CVE-2014-8958

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during...

CVSS 4.3 | AI score 7.3 | EPSS 0.00604
Exploits 0 | References 3

Debian CVE
added 2014/11/30 11:0 a.m. | 28 views

CVE-2014-8958

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during...

CVSS 4.3 | AI score 5.3 | EPSS 0.00604
Exploits 0

FreeBSD
added 2014/11/20 12:0 a.m. | 37 views

phpMyAdmin -- XSS and information disclosure vulnerabilities

The phpMyAdmin development team reports: With a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page. With a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoom search pages. With a crafted value for font siz...

CVSS 6.5 | AI score 6 | EPSS 0.02772
Exploits 3 | References 4

Fedora
added 2014/10/10 4:6 p.m. | 27 views

[SECURITY] Fedora 20 Update: ctags-5.8-16.fc20

Ctags generates an index or tag file of C language objects found in C source and header files. The index makes it easy for text editors or other utilities to locate the indexed items. Ctags can also generate a cross reference file which lists information about the various objects found in a set o...

CVSS 5 | AI score 0.5 | EPSS 0.02725
Exploits 1

Tenable Nessus
added 2014/10/10 12:0 a.m. | 33 views

phpMyAdmin 4.0.x < 4.0.10.4 / 4.1.x < 4.1.14.5 / 4.2.x < 4.2.9.1 'ENUM' Value XSS (PMASA-2014-11)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.4, 4.1.x prior to 4.1.14.5, or 4.2.x prior to 4.2.9.1. It is, therefore, affected by an input validation error related to the 'ENUM' value and the files...

CVSS 3.5 | AI score 8.2 | EPSS 0.00339
Exploits 0 | References 6

Tenable Nessus
added 2014/10/10 12:0 a.m. | 21 views

openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1280-1)

phpMyAdmin was updated to fix a security issue (CVE-2014-7217). This update contains a fix for a cross-site scripting vulnerability in the table search and table structure pages which could be triggered with a crafted ENUM value.

CVSS 3.5 | AI score 7.9 | EPSS 0.00339
Exploits 0 | References 3

OSV
added 2014/10/03 1:55 a.m. | 1 views

DEBIAN-CVE-2014-7217

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search...

CVSS 3.5 | AI score 8.2 | EPSS 0.00339
Exploits 0 | References 1

NVD
added 2014/10/03 1:55 a.m. | 9 views

CVE-2014-7217

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search...

CVSS 3.5 | AI score 5.2 | EPSS 0.00339
Exploits 0 | References 6

OSV
added 2014/10/03 1:55 a.m. | 1 views

UBUNTU-CVE-2014-7217

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search...

CVSS 3.5 | AI score 7.3 | EPSS 0.00339
Exploits 0 | References 5