6027 matches found
phpMyAdmin Open Redirect Vulnerability
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. An open redirection vulnerability exists in phpMyAdm...
phpMyAdmin Insecure Password Vulnerability
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. phpMyAdmin has a security vulnerability. Allowing an...
phpMyAdmin security bypass vulnerability (CNVD-2016-11855)
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security bypass vulnerability exists in phpMyAdmin...
phpMyAdmin Security Bypass Vulnerability (CNVD-2016-11853)
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security bypass vulnerability exists in phpMyAdmin...
Multiple SQL injection vulnerabilities in phpMyAdmin (CNVD-2016-11907)
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. Multiple SQL injection vulnerabilities exist in...
phpMyAdmin Remote Security Bypass Vulnerability
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A remote security bypass vulnerability exists in...
Multiple cross-site scripting vulnerabilities in phpMyAdmin (CNVD-2016-11906)
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. Multiple cross-site scripting vulnerabilities exist ...
phpMyAdmin Remote Information Disclosure Vulnerability (CNVD-2016-11902)
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A remote information disclosure vulnerability exists...
FreeBSD : phpMyAdmin -- multiple vulnerabilities (6fe72178-b2e3-11e6-8b2a-6805ca0b3d42)
Please reference CVE/URL list for details %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and contributors Redistribution and use in source VuXML and...
Multiple full path disclosure vulnerabilities
PMASA-2016-63 Announcement-ID: PMASA-2016-63 Date: 2016-11-25 Updated: 2016-12-06 Summary Multiple full path disclosure vulnerabilities Description By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which...
Open redirection
PMASA-2016-57 Announcement-ID: PMASA-2016-57 Date: 2016-11-25 Summary Open redirection Description A vulnerability was discovered where a user can be tricked in to following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the...
CSRF token not stripped from the URL
PMASA-2016-71 Announcement-ID: PMASA-2016-71 Date: 2016-11-25 Updated: 2016-12-06 Summary CSRF token not stripped from the URL Description When the argseparator is different from its default value of &, the token was not properly stripped from the return URL of the preference import action...
Multiple XSS vulnerabilities
PMASA-2016-64 Announcement-ID: PMASA-2016-64 Date: 2016-11-25 Updated: 2016-12-06 Summary Multiple XSS vulnerabilities Description Several XSS vulnerabilities have been reported, including an improper fix for PMASA-2016-10 and a weakness in a regular expression using in some JavaScript processing...
Multiple SQL injection vulnerabilities
PMASA-2016-69 Announcement-ID: PMASA-2016-69 Date: 2016-11-25 Updated: 2016-12-06 Summary Multiple SQL injection vulnerabilities Description With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the...
BBCode injection vulnerability
PMASA-2016-67 Announcement-ID: PMASA-2016-67 Date: 2016-11-25 Updated: 2016-12-06 Summary BBCode injection vulnerability Description With a crafted login request it is possible to inject BBCode in the login page. Severity We consider this vulnerability to be severe. Mitigation factor This exploit...
Multiple DOS vulnerabilities
PMASA-2016-65 Announcement-ID: PMASA-2016-65 Date: 2016-11-25 Updated: 2016-12-06 Summary Multiple DOS vulnerabilities Description With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. With a crafted request parameter value it is...
Username deny rules bypass (AllowRoot & Others) by using Null Byte
PMASA-2016-60 Announcement-ID: PMASA-2016-60 Date: 2016-11-25 Updated: 2016-12-06 Summary Username deny rules bypass AllowRoot & Others by using Null Byte Description It is possible to bypass AllowRoot restriction $cfg'Servers'$i'AllowRoot' and deny rules for username by using Null Byte in the...
Username rule matching issues
PMASA-2016-61 Announcement-ID: PMASA-2016-61 Date: 2016-11-25 Updated: 2016-12-06 Summary Username rule matching issues Description A vulnerability in username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution tim...
phpinfo information leak value of sensitive (HttpOnly) cookies
PMASA-2016-59 Announcement-ID: PMASA-2016-59 Date: 2016-11-25 Updated: 2016-12-06 Summary phpinfo information leak value of sensitive HttpOnly cookies Description phpinfo phpinfo.php shows PHP information including values of HttpOnly cookies. Severity We consider this vulnerability to be...
phpMyAdmin -- multiple vulnerabilities
Please reference CVE/URL list for details...