CVE-2017-1000013

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness...

CVE-2017-1000014

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality...

CVE-2017-1000018

CVE-2017-1000018 affects phpMyAdmin 4.0, 4.4, and 4.6. The vulnerability allows a denial-of-service in the replication status by sending a specially crafted table name. The provided sources consistently describe a DOS impact without detailing exploitation steps beyond the specific input vector. T...

CVE-2017-1000017

CVE-2017-1000017 affects phpMyAdmin 4.0, 4.4 and 4.6. A user with appropriate permissions can connect to an arbitrary MySQL server, indicating a serious exposure for affected deployments. The entry includes CVSS details (v3: 8.8, HIGH) from NVD, with network attack vector and no user interaction ...

CVE-2017-1000018

phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name...

CVE-2017-1000014

CVE-2017-1000014 affects phpMyAdmin up to v4.6, where the table-editing input handling is vulnerable to a denial of service. The root cause, per the Ubuntu USN entry, is improper sanitization of input during the table editing operation, which could trigger a recursive condition and exhaust resour...

CVE-2017-1000017

phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server...

CVE-2017-1000015

CVE-2017-1000015 : phpMyAdmin versions 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack via crafted cookie parameters. The connected documents confirm the affected software and the underlying issue is a CSS injection triggered by cookie values; no exploit details or in‑the‑wild data are...

CVE-2017-1000018

phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name...

CVE-2017-1000013

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness...

CVE-2017-1000014

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality...

CVE-2017-1000017

phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server...

CVE-2017-1000015

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters...

GLSA-201707-03 : phpMyAdmin: Security bypass

The remote host is affected by the vulnerability described in GLSA-201707-03 phpMyAdmin: Security bypass A vulnerability was discovered where the restrictions caused by $cfgServers$iAllowNoPassword = false are bypassed under certain PHP versions. This can lead compromised user accounts, who have ...

phpMyAdmin: Security bypass

Background phpMyAdmin is a web-based management tool for MySQL databases. Description A vulnerability was discovered where the restrictions caused by “$cfg‘Servers’$i‘AllowNoPassword’ = false” are bypassed under certain PHP versions. This can lead compromised user accounts, who have no passwords...

Ampache 3.8.2 Cross Site Scripting

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AMPACHE-v3.8.2-XSS.txt + ISR: ApparitionSec Vendor: ========== ampache.org Product: ============== ampache v3.8.2 A web based audio/video streaming application and file...

phpMyAdmin 4.4.x < 4.4.15.7 Multiple Vulnerabilities (PMASA-2016-17, PMASA-2016-19, PMASA-2016-21 - PMASA-2016-24, PMASA-2016-26 - PMASA-2016-28)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.4.x prior to 4.4.15.7. It is, therefore, affected by the following vulnerabilities: - A flaw exists in the setup/frames/index.inc.php script that allows an unauthenticated, remote attack...

phpMyAdmin 4.0.x < 4.0.10.16 Multiple Vulnerabilities (PMASA-2016-17, PMASA-2016-22 - PMASA-2016-24, PMASA-2016-26 - PMASA-2016-28)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.16. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the setup/frames/index.inc.php script that allows an unauthenticated, remote...

phpMyAdmin 4.6.x < 4.6.3 Multiple Vulnerabilities (PMASA-2016-17 - PMASA-2016-28)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.6.x prior to 4.6.3. It is, therefore, affected by the following vulnerabilities: - A flaw exists in the setup/frames/index.inc.php script that allows an unauthenticated, remote attacker ...

openSUSE Security Update : phpMyAdmin (openSUSE-2017-470)

This update for phpMyAdmin fixes the following issue : - boo1032105: The AllowNoPassword configuration option may have been bypassed when running on PHP5, allowing the login of users who have no password set even with AllowNoPassword set to false PMASA-2017-8 %NASLMINLEVEL 70300 C Tenable Network...