CVE-2016-9866

phpMyAdmin is affected by CVE-2016-9866 due to improper handling of the CSRF token in return URLs for the preference import action when arg_separator differs from its default value. Affected versions include 4.6.x prior to 4.6.5, 4.4.x prior to 4.4.15.9, and 4.0.x prior to 4.0.10.18. Evidence in ...

CVE-2016-9859

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

CVE-2016-6632

An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

CVE-2016-9866

An issue was discovered in phpMyAdmin. When the argseparator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to...

Updated phpmyadmin packages fix security vulnerability

In phpMyAdmin before 4.4.15.9, when the user does not specify a blowfishsecret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created using a weak algorithm. This could allow an attacker to determine the user's...

The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean

Recently, I found that Digital Ocean suffered from a security vulnerability in their domain import system which allowed for the takeover of 20K domain names. If you haven't given that post a read I recommend doing so before going through this write up. Originally I had assumed that this issue was...

openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-1380)

OpenJDK Java was updated to jdk8u111 icedtea 3.2.0 to fix the following issues : - Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks bsc1005522 + S8156794: Extend data...

cfme: RCE via Capacity & Utilization feature

A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as...

SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:2887-1)

OpenJDK Java was updated to jdk8u111 icedtea 3.2.0 to fix the following issues : - Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks bsc1005522 + S8156794: Extend data...

DLA-708-1 mysql-5.5 - security update

Bulletin has no description...

Fedora 25 : firewalld (2016-4dedc6ec3d)

Fix CVE-2016-5410: Firewall configuration can be modified by any logged in user - firewall/server/firewalld: Make getXSettings and getLogDenied CONFIGINFO - Update AppData configuration file. - tests/firewalldrich.py: Use new import structure and FirewallClient classes - tests/firewallddirect.py:...

FreeBSD : gitlab -- Directory traversal via 'import/export' feature (10968dfd-a687-11e6-b2d3-60a44ce6887b)

GitLab reports : The import/export feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that...

GitLab unauthorized access vulnerability can lead to remote command execution-vulnerability warning-the black bar safety net

GitLab is a use of Ruby on Rails development, Open Source Application, to achieve a self-hosted Git project repository, through a Web interface to access the public or private projects. 2 0 1 6 years 1 1 months to 3 December, the United States the congregation measured platform HackerOne announce...

Error :While Importing RSA Token from Secure Mail

When trying to import a token from Secure Mail into the RSA SecurID app that is outside of the XenMobile Secure App container, an error message is received...

GitLab Patches Command Execution Vulnerability

Developers with GitLab this week fixed a critical vulnerability in the open source repository management software that could have led to command execution and allowed an authenticated user to gain access to sensitive application files, tokens, or secrets. HackerOne cofounder Jobert Abma unearthed...

CVE-2016-9086

GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files tar. All GitLab versions prior to 8.13.0 restricted this feature to...

CVE-2016-9086

GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files tar. All GitLab versions prior to 8.13.0 restricted this feature to...

CVE-2016-7402

SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa system administrator via dbcc importsproc SQL injection...

CVE-2016-9086

GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files tar. All GitLab versions prior to 8.13.0 restricted this feature to...

Security feature bypass

GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files tar. All GitLab versions prior to 8.13.0 restricted this feature to...