FreeBSD : phpMyAdmin -- Multiple vulnerabilities (7721562b-e20a-11e6-b2e2-6805ca0b3d42)
The phpMyAdmin development team reports: Open redirect; php-gettext code execution; DOS vulnerability in table editing; CSS injection in themes; Cookie attribute injection attack; SSRF in replication; DOS in replication status.
phpMyAdmin Server-Side Request Forgery Security Bypass Vulnerability
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security bypass vulnerability exists in phpMyAdmin...
phpMyAdmin incomplete fix for security bypass vulnerability
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security bypass vulnerability exists in phpMyAdmin...
Open redirect
PMASA-2017-1. Announcement-ID: PMASA-2017-1. Date: 2017-01-24. Summary: Open redirect. Description: It was possible to trick phpMyAdmin to redirect to insecure using a special request path. Severity: We consider this vulnerability to be non critical. Affected Versions: All 4.6.x versions prior to 4.6.6,...
phpMyAdmin -- Multiple vulnerabilities
The phpMyAdmin development team reports: Open redirect; php-gettext code execution; DOS vulnerability in table editing; CSS injection in themes; Cookie attribute injection attack; SSRF in replication; DOS in replication status...
DOS in replication status
PMASA-2017-7. Announcement-ID: PMASA-2017-7. Date: 2017-01-24. Summary: DOS in replication status. Description: It was possible to trigger DOS in replication status by a specially crafted table name. Severity: We consider this to be non critical. Affected Versions: All 4.6.x versions prior to 4.6.6, 4.4.x...
php-gettext code execution
PMASA-2017-2. Announcement-ID: PMASA-2017-2. Date: 2017-01-24. Summary: php-gettext code execution. Description: The php-gettext library can suffer from a code execution vulnerability. However, there is no way to trigger this inside phpMyAdmin. Severity: We consider this to be minor. Affected Versions...
CSS injection in themes
PMASA-2017-4. Announcement-ID: PMASA-2017-4. Date: 2017-01-24. Summary: CSS injection in themes. Description: It was possible to cause CSS injection in themes by crafted cookie parameters. Severity: We consider this to be non critical. Affected Versions: All 4.6.x versions prior to 4.6.6, 4.4.x versions...
Multiple vulnerabilities in setup script
PMASA-2016-44. Announcement-ID: PMASA-2016-44. Date: 2017-01-24. Summary: Multiple vulnerabilities in setup script. Description: A server-side request forgery vulnerability was reported with the setup script. This flaw can allow an unauthenticated attacker to: 1. brute-force passwords of MySQL servers...
SSRF in replication
PMASA-2017-6. Announcement-ID: PMASA-2017-6. Date: 2017-01-24. Summary: SSRF in replication. Description: For a user with appropriate MySQL privileges it was possible to connect to an arbitrary host. Severity: We consider this to be non-critical. Mitigation factor: The vulnerability is exposed only to MySQL...
Cookie attribute injection attack
PMASA-2017-5. Announcement-ID: PMASA-2017-5. Date: 2017-01-24. Summary: Cookie attribute injection attack. Description: A vulnerability was found where, under some circumstances, an attacker can inject arbitrary values in the browser cookies. This was incompletely fixed in PMASA-2016-18. Severity: We...
DOS vulnerability in table editing
PMASA-2017-3. Announcement-ID: PMASA-2017-3. Date: 2017-01-24. Summary: DOS vulnerability in table editing. Description: It was possible to trigger a recursive include operation by crafted parameters when editing table data. Severity: We consider this to be non critical. Mitigation factor: Do not click on...
GLSA-201701-32 : phpMyAdmin: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201701-32 (phpMyAdmin: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact: An authenticated remote attacker could exploit the...
phpMyAdmin: Multiple vulnerabilities
Background: phpMyAdmin is a web-based management tool for MySQL databases. Description: Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact: An authenticated remote attacker could exploit these vulnerabilities to execute...
phpMyAdmin 4.4.15.x < 4.4.15.9 / 4.6.x < 4.6.5 Multiple Information Disclosure
phpMyAdmin Multiple Vulnerabilities (PMASA-2016-38) - Windows
phpMyAdmin is prone to a SQL injection and multiple cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
phpMyAdmin Multiple Vulnerabilities (PMASA-2016-38) - Linux
phpMyAdmin is prone to a SQL injection and multiple cross-site scripting vulnerabilities.
phpMyAdmin Denial of Service Vulnerability (CNVD-2016-13235)
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A denial of service vulnerability exists in phpMyAdmin. An attacker can exploit this vulnerability to cause a denial of service with specially crafted request parameter values...
Debian DLA-757-1 : phpmyadmin security update
Various security issues were found and fixed in phpmyadmin in wheezy. CVE-2016-4412 / PMASA-2016-57: A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. CVE-2016-6626 / PMASA-2016-49: In the fix for PMASA-2016-57, we didn...
phpMyAdmin Denial of Service Vulnerability (CNVD-2016-13236)
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A denial of service vulnerability exists in phpMyAdmin. An attacker can exploit this vulnerability to cause a denial of service...