
6026 matches found

CNVD
added 2016/12/02 12:0 a.m., 2 views

phpMyAdmin Security Bypass Vulnerability (CNVD-2016-11853)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security bypass vulnerability exists in phpMyAdmin...

CVSS 9.8, AI score 9.4, EPSS 0.00295
Exploits: 0, References: 1

CNVD
added 2016/12/02 12:0 a.m., 3 views

Multiple SQL injection vulnerabilities in phpMyAdmin (CNVD-2016-11907)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. Multiple SQL injection vulnerabilities exist in...

CVSS 7.5, AI score 7.9, EPSS 0.00247
Exploits: 0, References: 1

CNVD
added 2016/12/02 12:0 a.m., 3 views

Multiple cross-site scripting vulnerabilities in phpMyAdmin (CNVD-2016-11906)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. Multiple cross-site scripting vulnerabilities exist ...

CVSS 6.1, AI score 7.3, EPSS 0.00258
Exploits: 0, References: 1

CNVD
added 2016/12/02 12:0 a.m., 2 views

phpMyAdmin security bypass vulnerability (CNVD-2016-11856)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security bypass vulnerability exists in phpMyAdmin...

CVSS 5.3, AI score 6, EPSS 0.00241
Exploits: 0, References: 1

CNVD
added 2016/12/02 12:0 a.m., 2 views

phpMyAdmin Denial of Service Vulnerability (CNVD-2016-11852)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A denial of service vulnerability exists in...

AI score 7.2
Exploits: 0, References: 1

CNVD
added 2016/12/02 12:0 a.m., 2 views

phpMyAdmin security bypass vulnerability (CNVD-2016-11855)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security bypass vulnerability exists in phpMyAdmin...

CVSS 9.8, AI score 7.3, EPSS 0.01202
Exploits: 0, References: 1

CNVD
added 2016/12/02 12:0 a.m., 3 views

phpMyAdmin Insecure Password Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. phpMyAdmin has a security vulnerability. Allowing an...

CVSS 5.3, AI score 6.1, EPSS 0.0043
Exploits: 0, References: 1

Tenable Nessus
added 2016/11/28 12:0 a.m., 39 views

FreeBSD : phpMyAdmin -- multiple vulnerabilities (6fe72178-b2e3-11e6-8b2a-6805ca0b3d42)

Please reference CVE/URL list for details %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and contributors Redistribution and use in source VuXML and...

CVSS 8.1, AI score 6.7, EPSS 0.01833
Exploits: 0, References: 19

phpMyAdmin
added 2016/11/25 12:0 a.m., 32 views

CSRF token not stripped from the URL

PMASA-2016-71. Announcement-ID: PMASA-2016-71. Date: 2016-11-25. Updated: 2016-12-06. Summary: CSRF token not stripped from the URL. Description: When the arg_separator is different from its default value of &, the token was not properly stripped from the return URL of the preference import action...

CVSS 9.8, AI score 7.3, EPSS 0.00221
Exploits: 0, Affected Software: 1

phpMyAdmin
added 2016/11/25 12:0 a.m., 41 views

Multiple DOS vulnerabilities

PMASA-2016-65. Announcement-ID: PMASA-2016-65. Date: 2016-11-25. Updated: 2016-12-06. Summary: Multiple DOS vulnerabilities. Description: With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. With a crafted request parameter value it is...

CVSS 5.9, AI score 6.4, EPSS 0.00707
Exploits: 0, Affected Software: 1

phpMyAdmin
added 2016/11/25 12:0 a.m., 47 views

Username rule matching issues

PMASA-2016-61. Announcement-ID: PMASA-2016-61. Date: 2016-11-25. Updated: 2016-12-06. Summary: Username rule matching issues. Description: A vulnerability in username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution tim...

CVSS 5.3, AI score 6.9, EPSS 0.00565
Exploits: 0, Affected Software: 1

phpMyAdmin
added 2016/11/25 12:0 a.m., 45 views

Multiple SQL injection vulnerabilities

PMASA-2016-69. Announcement-ID: PMASA-2016-69. Date: 2016-11-25. Updated: 2016-12-06. Summary: Multiple SQL injection vulnerabilities. Description: With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the...

CVSS 7.5, AI score 7, EPSS 0.00247
Exploits: 0, Affected Software: 1

phpMyAdmin
added 2016/11/25 12:0 a.m., 34 views

Multiple XSS vulnerabilities

PMASA-2016-64. Announcement-ID: PMASA-2016-64. Date: 2016-11-25. Updated: 2016-12-06. Summary: Multiple XSS vulnerabilities. Description: Several XSS vulnerabilities have been reported, including an improper fix for PMASA-2016-10 and a weakness in a regular expression used in some JavaScript processing...

CVSS 6.1, AI score 6.6, EPSS 0.00258
Exploits: 0, Affected Software: 1

phpMyAdmin
added 2016/11/25 12:0 a.m., 37 views

Bypass logout timeout

PMASA-2016-62. Announcement-ID: PMASA-2016-62. Date: 2016-11-25. Updated: 2016-12-06. Summary: Bypass logout timeout. Description: With a crafted request parameter value it is possible to bypass the logout timeout. Severity: We consider this vulnerability to be of moderate severity. Affected Versions: All...

CVSS 5.3, AI score 6.3, EPSS 0.00241
Exploits: 0, Affected Software: 1

phpMyAdmin
added 2016/11/25 12:0 a.m., 55 views

BBCode injection vulnerability

PMASA-2016-67. Announcement-ID: PMASA-2016-67. Date: 2016-11-25. Updated: 2016-12-06. Summary: BBCode injection vulnerability. Description: With a crafted login request it is possible to inject BBCode in the login page. Severity: We consider this vulnerability to be severe. Mitigation factor: This exploit...

CVSS 7.5, AI score 7, EPSS 0.00405
Exploits: 0, Affected Software: 1

phpMyAdmin
added 2016/11/25 12:0 a.m., 64 views

Multiple full path disclosure vulnerabilities

PMASA-2016-63. Announcement-ID: PMASA-2016-63. Date: 2016-11-25. Updated: 2016-12-06. Summary: Multiple full path disclosure vulnerabilities. Description: By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which...

CVSS 5.3, AI score 6.5, EPSS 0.00589
Exploits: 0, Affected Software: 1

phpMyAdmin
added 2016/11/25 12:0 a.m., 37 views

phpinfo information leak value of sensitive (HttpOnly) cookies

PMASA-2016-59. Announcement-ID: PMASA-2016-59. Date: 2016-11-25. Updated: 2016-12-06. Summary: phpinfo information leak value of sensitive (HttpOnly) cookies. Description: phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. Severity: We consider this vulnerability to be...

CVSS 5.3, AI score 6.3, EPSS 0.00336
Exploits: 0, Affected Software: 1

phpMyAdmin
added 2016/11/25 12:0 a.m., 50 views

Bypass white-list protection for URL redirection

PMASA-2016-66. Announcement-ID: PMASA-2016-66. Date: 2016-11-25. Updated: 2016-12-06. Summary: Bypass white-list protection for URL redirection. Description: Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. Severity: We consider this vulnerability to be of...

CVSS 7.5, AI score 7, EPSS 0.00222
Exploits: 0, Affected Software: 1

phpMyAdmin
added 2016/11/25 12:0 a.m., 43 views

Open redirection

PMASA-2016-57. Announcement-ID: PMASA-2016-57. Date: 2016-11-25. Summary: Open redirection. Description: A vulnerability was discovered where a user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the...

CVSS 4.4, AI score 6.1, EPSS 0.0024
Exploits: 0, Affected Software: 1

phpMyAdmin
added 2016/11/25 12:0 a.m., 39 views

Username deny rules bypass (AllowRoot & Others) by using Null Byte

PMASA-2016-60. Announcement-ID: PMASA-2016-60. Date: 2016-11-25. Updated: 2016-12-06. Summary: Username deny rules bypass (AllowRoot & Others) by using Null Byte. Description: It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the...

CVSS 9.8, AI score 7.2, EPSS 0.00295
Exploits: 0, Affected Software: 1