6027 matches found
Multiple XSS vulnerabilities
PMASA-2016-31 Announcement-ID: PMASA-2016-31 Date: 2016-07-11 Summary Multiple XSS vulnerabilities Description XSS vulnerabilities were discovered in: The database privilege check The "Remove partitioning" functionality Specially crafted database names can trigger the XSS attack. Severity We...
Fedora Update for phpMyAdmin FEDORA-2016-9df3915036
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for phpMyAdmin FEDORA-2016-56ee5cb8b6
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Multiple XSS vulnerabilities
PMASA-2016-30 Announcement-ID: PMASA-2016-30 Date: 2016-07-07 Updated: 2016-11-24 Summary Multiple XSS vulnerabilities Description Multiple vulnerabilities have been discovered in the following areas of phpMyAdmin: Zoom search: Specially crafted column content can be used to trigger an XSS attack...
Weakness with cookie encryption
PMASA-2016-29 Announcement-ID: PMASA-2016-29 Date: 2016-07-07 Summary Weakness with cookie encryption Description A pair of vulnerabilities were found affecting the way cookies are stored. The decryption of the username/password is vulnerable to a padding oracle attack. The can allow an attacker...
MGASA-2016-0240 Updated phpmyadmin packages fix security vulnerability
In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows a BBCode injection to setup script in case it's not accessed on https CVE-2016-5701. In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows an SQL injection attack to run arbitrary commands as the control...
Updated phpmyadmin packages fix security vulnerability
In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows a BBCode injection to setup script in case it's not accessed on https CVE-2016-5701. In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows an SQL injection attack to run arbitrary commands as the control...
CVE-2016-5099
Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...
CVE-2016-5099
Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...
DEBIAN-CVE-2016-5099
Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...
CVE-2016-5098
Directory traversal vulnerability in libraries/errorreport.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error...
CVE-2016-5098
Directory traversal vulnerability in libraries/errorreport.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error...
CVE-2016-5097
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading 1 HTTP requests or 2 server logs...
CVE-2016-5097
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading 1 HTTP requests or 2 server logs...
DEBIAN-CVE-2016-5097
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading 1 HTTP requests or 2 server logs...
CVE-2016-5098
Directory traversal vulnerability in libraries/errorreport.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error...
CVE-2016-5097
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading 1 HTTP requests or 2 server logs...
Directory traversal
Directory traversal vulnerability in libraries/errorreport.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error...
Code injection
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading 1 HTTP requests or 2 server logs...
CVE-2016-5099
Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...