Debian DLA-551-1 : phpmyadmin security update

Phpmyadmin, a web administration tool for MySQL, had several Cross Site Scripting XSS vulnerabilities were reported. CVE-2016-5731 With a specially crafted request, it is possible to trigger an XSS attack through the example OpenID authentication script. CVE-2016-5733 Several XSS vulnerabilities...

[SECURITY] [DLA 551-1] phpmyadmin security update

Package : phpmyadmin Version : 4:3.4.11.1-2+deb7u5 CVE ID : CVE-2016-5731 CVE-2016-5733 CVE-2016-5739 Phpmyadmin, a web administration tool for MySQL, had several Cross Site Scripting XSS vulnerabilities were reported. CVE-2016-5731 With a specially crafted request, it is possible to trigger an X...

DLA-551-1 phpmyadmin - security update

Bulletin has no description...

Fedora 24 : phpMyAdmin (2016-81c2dabf20)

phpMyAdmin 4.6.3 2016-06-23 ============================= This version includes many security fixes that are announced as PMASA-2016-17 through PMASA-2016-28 which are posted at https://www.phpmyadmin.net/security/ Furthermore, version 4.6.3 includes the regularly scheduled maintenance improvemen...

Fedora 22 : phpMyAdmin (2016-56ee5cb8b6)

phpMyAdmin 4.6.3 2016-06-23 ============================= This version includes many security fixes that are announced as PMASA-2016-17 through PMASA-2016-28 which are posted at https://www.phpmyadmin.net/security/ Furthermore, version 4.6.3 includes the regularly scheduled maintenance improvemen...

Fedora 23 : phpMyAdmin (2016-9df3915036)

phpMyAdmin 4.6.3 2016-06-23 ============================= This version includes many security fixes that are announced as PMASA-2016-17 through PMASA-2016-28 which are posted at https://www.phpmyadmin.net/security/ Furthermore, version 4.6.3 includes the regularly scheduled maintenance improvemen...

SQL injection attack as control user

PMASA-2016-42 Announcement-ID: PMASA-2016-42 Date: 2016-07-15 Summary SQL injection attack as control user Description A vulnerability was discovered in the user interface preference feature where a user can execute an SQL injection attack against the account of the control user. Severity We...

Fedora 24 : phpMyAdmin (2016-e3240782ec)

phpMyAdmin 4.6.2 2016-05-25 ============================= - security User SQL queries can be revealed through URL GET parameters, see PMASA-2016-14 - security Self XSS vulneratbility, see PMASA-2016-16 - Use https for documentation links - Fix schema export with too many tables - Avoid parsing no...

Fedora 22 : phpMyAdmin (2016-cd05bd994a)

phpMyAdmin 4.6.2 2016-05-25 ============================= - security User SQL queries can be revealed through URL GET parameters, see PMASA-2016-14 - security Self XSS vulneratbility, see PMASA-2016-16 - Use https for documentation links - Fix schema export with too many tables - Avoid parsing no...

Fedora 23 : phpMyAdmin (2016-55261b6815)

phpMyAdmin 4.6.2 2016-05-25 ============================= - security User SQL queries can be revealed through URL GET parameters, see PMASA-2016-14 - security Self XSS vulneratbility, see PMASA-2016-16 - Use https for documentation links - Fix schema export with too many tables - Avoid parsing no...

SQL injection attack

PMASA-2016-40 Announcement-ID: PMASA-2016-40 Date: 2016-07-14 Summary SQL injection attack Description A vulnerability was reported where a specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. Severity We consider this...

SQL injection attack

PMASA-2016-39 Announcement-ID: PMASA-2016-39 Date: 2016-07-14 Summary SQL injection attack Description A vulnerability was discovered in the following features where a user can execute an SQL injection attack against the account of the control user: User group Designer Severity We consider this...

Denial of service (DOS) attack in transformation feature

PMASA-2016-41 Announcement-ID: PMASA-2016-41 Date: 2016-07-14 Summary Denial of service DOS attack in transformation feature Description A vulnerability was found in the transformation feature allowing a user to trigger a denial-of-service DOS attack against the server. Severity We consider this...

Multiple XSS vulnerabilities

PMASA-2016-38 Announcement-ID: PMASA-2016-38 Date: 2016-07-13 Summary Multiple XSS vulnerabilities Description Multiple XSS vulnerabilities were found in the following areas: Navigation pane and database/table hiding feature. A specially-crafted database name can be used to trigger an XSS attack...

Full path disclosure

PMASA-2016-33 Announcement-ID: PMASA-2016-33 Date: 2016-07-12 Summary Full path disclosure Description A full path disclosure vulnerability was discovered where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. Severity We consider...

Local file exposure

PMASA-2016-35 Announcement-ID: PMASA-2016-35 Date: 2016-07-12 Summary Local file exposure Description A vulnerability was discovered where a user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. Severity We consider this vulnerability to be...

Local file exposure through symlinks with UploadDir

PMASA-2016-36 Announcement-ID: PMASA-2016-36 Date: 2016-07-12 Summary Local file exposure through symlinks with UploadDir Description A vulnerability was found where a user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin...

Path traversal with SaveDir and UploadDir

PMASA-2016-37 Announcement-ID: PMASA-2016-37 Date: 2016-07-12 Summary Path traversal with SaveDir and UploadDir Description A vulnerability was reported with the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a...

SQL injection attack

PMASA-2016-34 Announcement-ID: PMASA-2016-34 Date: 2016-07-12 Summary SQL injection attack Description A vulnerability was reported where a specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. Severity We consider this...

PHP code injection

PMASA-2016-32 Announcement-ID: PMASA-2016-32 Date: 2016-07-12 Summary PHP code injection Description A vulnerability was found where a specially crafted database name could be used to run arbitrary PHP commands through the array export feature Severity We consider these vulnerabilities to be of...