CVE-2017-1000017

phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server...

CVE-2017-1000014

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality...

CVE-2017-1000015

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters...

CVE-2017-1000018

CVE-2017-1000018 affects phpMyAdmin 4.0, 4.4, and 4.6. The vulnerability allows a denial-of-service in the replication status by sending a specially crafted table name. The provided sources consistently describe a DOS impact without detailing exploitation steps beyond the specific input vector. T...

CVE-2017-1000014

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality...

CVE-2017-1000014

CVE-2017-1000014 affects phpMyAdmin up to v4.6, where the table-editing input handling is vulnerable to a denial of service. The root cause, per the Ubuntu USN entry, is improper sanitization of input during the table editing operation, which could trigger a recursive condition and exhaust resour...

CVE-2017-1000018

phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name...

CVE-2017-1000013

CVE-2017-1000013 affects phpMyAdmin 4.0, 4.4, and 4.6, which are vulnerable to an open redirect weakness. The available documents confirm the vulnerable product versions and the nature of the flaw (open redirect). No detailed root-cause, affected files, or concrete exploitation steps are provided...

CVE-2017-1000015

CVE-2017-1000015 : phpMyAdmin versions 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack via crafted cookie parameters. The connected documents confirm the affected software and the underlying issue is a CSS injection triggered by cookie values; no exploit details or in‑the‑wild data are...

CVE-2017-1000017

phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server...

CVE-2017-1000015

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters...

CVE-2017-1000013

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness...

GLSA-201707-03 : phpMyAdmin: Security bypass

The remote host is affected by the vulnerability described in GLSA-201707-03 phpMyAdmin: Security bypass A vulnerability was discovered where the restrictions caused by $cfgServers$iAllowNoPassword = false are bypassed under certain PHP versions. This can lead compromised user accounts, who have ...

phpMyAdmin: Security bypass

Background phpMyAdmin is a web-based management tool for MySQL databases. Description A vulnerability was discovered where the restrictions caused by “$cfg‘Servers’$i‘AllowNoPassword’ = false” are bypassed under certain PHP versions. This can lead compromised user accounts, who have no passwords...

Ampache 3.8.2 Cross Site Scripting

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AMPACHE-v3.8.2-XSS.txt + ISR: ApparitionSec Vendor: ========== ampache.org Product: ============== ampache v3.8.2 A web based audio/video streaming application and file...

phpMyAdmin 4.0.x < 4.0.10.16 Multiple Vulnerabilities (PMASA-2016-17, PMASA-2016-22 - PMASA-2016-24, PMASA-2016-26 - PMASA-2016-28)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.16. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the setup/frames/index.inc.php script that allows an unauthenticated, remote...

phpMyAdmin 4.6.x < 4.6.3 Multiple Vulnerabilities (PMASA-2016-17 - PMASA-2016-28)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.6.x prior to 4.6.3. It is, therefore, affected by the following vulnerabilities: - A flaw exists in the setup/frames/index.inc.php script that allows an unauthenticated, remote attacker ...

phpMyAdmin 4.4.x < 4.4.15.7 Multiple Vulnerabilities (PMASA-2016-17, PMASA-2016-19, PMASA-2016-21 - PMASA-2016-24, PMASA-2016-26 - PMASA-2016-28)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.4.x prior to 4.4.15.7. It is, therefore, affected by the following vulnerabilities: - A flaw exists in the setup/frames/index.inc.php script that allows an unauthenticated, remote attack...

openSUSE Security Update : phpMyAdmin (openSUSE-2017-470)

This update for phpMyAdmin fixes the following issue : - boo1032105: The AllowNoPassword configuration option may have been bypassed when running on PHP5, allowing the login of users who have no password set even with AllowNoPassword set to false PMASA-2017-8 %NASLMINLEVEL 70300 C Tenable Network...

phpMyAdmin Multiple Security Vulnerabilities - 04 (Dec 2016) - Windows

phpMyAdmin is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...