6027 matches found
CVE-2016-5739
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy CSP protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication toke...
CVE-2016-5734
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...
CVE-2016-5731
Cross-site scripting XSS vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message...
CVE-2016-5732
Multiple cross-site scripting XSS vulnerabilities in the partition-range implementation in templates/table/structure/displaypartitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters...
CVE-2016-5702
phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...
CVE-2016-5733
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a crafted table name that is mishandled during privilege checking in...
phpMyAdmin cross-site scripting vulnerability (CNVD-2016-04395)
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A cross-site scripting vulnerability exists in...
phpMyAdmin cross-site scripting vulnerability (CNVD-2016-04394)
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A cross-site scripting vulnerability exists in...
phpMyAdmin Arbitrary Code Execution Vulnerability
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin that...
phpMyAdmin Cross-Site Request Forgery Vulnerability
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. There is a security vulnerability in phpMyAdmin. An...
phpMyAdmin cross-site scripting vulnerability (CNVD-2016-04396)
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A cross-site scripting vulnerability exists in...
openSUSE Security Update : phpMyAdmin (openSUSE-2016-804)
phpMyAdmin was updated to version 4.4.15.7 to fix eight security issues. These security issues were fixed : - CVE-2016-5701: BBCode injection vulnerability boo986154 - CVE-2016-5703: SQL injection attack boo986154 - CVE-2016-5705: Multiple XSS vulnerabilities boo986154 - CVE-2016-5706: DOS attack...
openSUSE Security Update : phpMyAdmin (openSUSE-2016-806)
This phpMyAdmin update to version 4.4.15.7 fixes the following issues : Issues fixed: Setup script doesn't use input type 'password' in all relevant locations Security issues fixed : - PMASA-2016-17 CVE-2016-5701, CWE-661 https://www.phpmyadmin.net/security/PMASA-2016-17/ - BBCode injection...
Fedora Update for phpMyAdmin FEDORA-2016-81c2dabf20
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 24 Update: phpMyAdmin-4.6.3-1.fc24
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...
phpmyadmin: multiple issues
CVE-2016-5702 cookie attribute injection A vulnerability was found where, under some circumstances, an attacker can inject arbitrary values in the browser cookies. Only affected when PHPSELF is not set. - CVE-2016-5703 SQL injection A vulnerability was discovered that allows an SQL injection...
phpMyAdmin Full Path Disclosure Vulnerability
phpmyadmin is an online management tool for MySQL databases. phpmyadmin versions 4.4.x, 4.6.x, 4.0.x are available at . /setup/, . /examples/ are vulnerable to a full path disclosure vulnerability, which can be exploited by an attacker with a constructed script that triggers a PHP error message t...
phpMyAdmin Denial of Service Vulnerability
phpmyadmin is an online management tool for MySQL databases. A denial of service vulnerability exists in phpmyadmin versions 4.4.x, 4.6.x, and 4.0.x in loading certain JavaScript files, which can be exploited by an attacker to cause a denial of service attack...
phpMyAdmin SQL Injection Vulnerability
phpmyadmin is an online management tool for MySQL databases. A SQL injection vulnerability exists in phpmyadmin versions 4.6.x, 4.4.x, which can be exploited by an attacker to run arbitrary commands with root privileges...
phpMyAdmin Table Structure Page Cross Site Scripting Vulnerability
phpmyadmin is an online management tool for MySQL databases. A cross-site scripting vulnerability exists in the table structure page of phpmyadmin version 4.6.x, which can be exploited by an attacker to execute arbitrary scripts across sites...