Username rule matching issues

PMASA-2016-61 Announcement-ID: PMASA-2016-61 Date: 2016-11-25 Updated: 2016-12-06 Summary Username rule matching issues Description A vulnerability in username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution tim...

Username deny rules bypass (AllowRoot & Others) by using Null Byte

PMASA-2016-60 Announcement-ID: PMASA-2016-60 Date: 2016-11-25 Updated: 2016-12-06 Summary Username deny rules bypass AllowRoot & Others by using Null Byte Description It is possible to bypass AllowRoot restriction $cfg'Servers'$i'AllowRoot' and deny rules for username by using Null Byte in the...

Yahoo Web Security Bug Bounty : Phpmyadmin access make data on risk

Yahoo Web Security Bug Bounty : Phpmyadmin access make data on risk Little Insight: Vulnerability in Yahoo bug bounty data on risk Vulnerable Website: http://tw.page.games.yahoo.net/phpmyadmin/setup/index.php?page=form&formset=LeftframetabLefttables Impact: As you can see in the following...

EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery / Remote Command Execution

Exploit for php platform in category web applications + Credits: John Page aka hyp3rlinx Vendor: =============== www.easyphp.org Product: ============================= EasyPHP Devserver v16.1.1 easyphp-devserver-16.1.1-setup.exe hash: 64184d330a34be9e6c029ffa63c903de A complete WAMP environment f...

EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery Remote Command Execution

EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery Remote Command Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EASYPHP-DEV-SERVER-REMOTE-CMD-EXECUTION.txt + ISR: ApparitionSec Vendor: ===============...

phpMyAdmin 4.0.x < 4.0.10.17 / 4.4.x < 4.4.15.8 / 4.6.x < 4.6.4 Multiple Vulnerabilities (PMASA-2016-29 - PMASA-2016-56) (deprecated)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.17, 4.4.x prior to 4.4.15.8, or 4.6.x prior to 4.6.4. It is, therefore, affected by the following vulnerabilities : - An information disclosure vulnerability exists d...

phpMyAdmin directory traversal vulnerability (CNVD-2016-11438)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. phpMyAdmin has a directory traversal vulnerability...

Fedora 25 : phpMyAdmin (2016-49e1e93a66)

phpMyAdmin 4.6.4 2016-08-16 ============================= This release includes many security fixes of various levels of severity. Upstream recommends all users upgrade to this release immediately. For full information on the vulnerabilities fixed and mitigation factors for users who are unable t...

phpMyAdmin SQL Injection Vulnerability (CNVD-2016-10819)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A SQL injection vulnerability exists in phpMyAdmin...

phpMyAdmin Local Information Disclosure Vulnerability (CNVD-2016-10815)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A local information disclosure vulnerability exists ...

phpMyAdmin Information Disclosure Vulnerability (CNVD-2016-10818)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. An information disclosure vulnerability exists in...

phpMyAdmin security bypass vulnerability (CNVD-2016-10814)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security bypass vulnerability exists in phpMyAdmin...

phpMyAdmin Local Information Disclosure Vulnerability (CNVD-2016-10817)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A local information disclosure vulnerability exists ...

phpMyAdmin PHP Code Injection Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A PHP code path vulnerability exists in phpMyAdmin. ...

phpMyAdmin dbase extension remote code execution vulnerability

No description provided by source...

Telpho10 Backup Credentials Dumper

This module exploits a vulnerability present in all versions of Telpho10 telephone system appliance. This module generates a configuration backup of Telpho10, downloads the file and dumps the credentials for admin login, phpmyadmin, phpldapadmin, etc. This module has been successfully tested on t...

phpMyAdmin cross-site scripting vulnerability (CNVD-2016-09540)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A cross-site scripting vulnerability exists in...

phpMyAdmin cross-site scripting vulnerability (CNVD-2016-09671)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A cross-site scripting vulnerability exists in...

Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

It has been discovered that the extension "phpMyAdmin" phpmyadmin has multiple vulnerabilities. Release Date: September 29, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 5.1.6 and below Vulnerability Type: Multiple...

Internet Bug Bounty: Malicious Server can force read any file on clients system with default configuration in MySQL Clients

Although it is documented that the default binary distributions of MySQL/MariaDB/Percona all seem to be compiled with allow local infile enabled, the warning is misleading. The transfer of the file from the client host to the server host is initiated by the MySQL server. In theory, a patched serv...