Cookie attribute injection attack

PMASA-2016-18 Announcement-ID: PMASA-2016-18 Date: 2016-06-23 Summary Cookie attribute injection attack Description A vulnerability was found where, under some circumstances, an attacker can inject arbitrary values in the browser cookies. Severity We consider this to be non-critical. Mitigation...

Fedora Update for phpMyAdmin FEDORA-2016-e3240782ec

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 24 Update: phpMyAdmin-4.6.2-1.fc24

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

phpMyAdmin 4.5.x < 4.5.5.1 Multiple Vulnerabilities (PMASA-2016-10, PMASA-2016-13)

Binary data 9355.prm...

phpMyAdmin 4.0.x < 4.0.10.15 / 4.4.x < 4.4.15.5 / 4.5.x < 4.5.5.1 Multiple XSS (PMASA-2016-11)

Binary data 9356.prm...

phpMyAdmin 4.4.x < 4.4.15.5 / 4.5.x < 4.5.5.1 Multiple XSS (PMASA-2016-12)

Binary data 9357.prm...

openSUSE Security Update : phpMyAdmin (openSUSE-2016-712)

This phpMyAdmin update to version 4.4.15.6 fixes the following issues : Security issues fixed : - PMASA-2016-16 CVE-2016-5099, CWE-661: Self XSS, see https://www.phpmyadmin.net/security/PMASA-2016-16/ - PMASA-2016-15 CVE-2016-5098, CWE-661: File Traversal Protection Bypass on Error Reporting, see...

Fedora Update for phpMyAdmin FEDORA-2016-55261b6815

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for phpMyAdmin FEDORA-2016-cd05bd994a

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 22 Update: phpMyAdmin-4.6.2-1.fc22

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

[SECURITY] Fedora 23 Update: phpMyAdmin-4.6.2-1.fc23

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

openSUSE Security Update : phpMyAdmin (openSUSE-2016-655)

phpMyAdmin was updated to fix one security issue. The following vulnerability was fixed : - CVE-2016-5099: Self XSS vulneratbility - A specially crafted attack could allow for special HTML characters to be passed as URL encoded values and displayed back as special characters in the page boo982128...

[SECURITY] [DLA 481-2] phpmyadmin regression update

Package : phpmyadmin Version : 4:3.4.11.1-2+deb7u4 CVE ID : CVE-2016-1927 CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 CVE-2016-2041 CVE-2016-2045 CVE-2016-2560 Debian Bug : 825301 The previous security upload broke the search pages in phpMyAdmin. This was caused by a broken patch applied to fix...

DLA-481-2 phpmyadmin - regression update

Bulletin has no description...

Updated phpmyadmin package fixes CVE-2016-5099

In phpMyAdmin before 4.4.15.6, a specially crafted attack could allow for special HTML characters to be passed as URL encoded values and displayed back as special characters in the page CVE-2016-5099...

FreeBSD : phpmyadmin -- XSS and sensitive data leakage (00ec1be1-22bb-11e6-9ead-6805ca0b3d42)

The phpmyadmin development team reports : Description Because user SQL queries are part of the URL, sensitive information made as part of a user query can be exposed by clicking on external links to attackers monitoring user GET query parameters or included in the webserver logs. Severity We...

File Traversal Protection Bypass on Error Reporting

PMASA-2016-15 Announcement-ID: PMASA-2016-15 Date: 2016-05-25 Updated: 2016-05-26 Summary File Traversal Protection Bypass on Error Reporting Description A specially crafted payload could result in the error reporting component exposing whether an arbitrary file exists on the file system and the...

Sensitive Data in URL GET Query Parameters

PMASA-2016-14 Announcement-ID: PMASA-2016-14 Date: 2016-05-25 Updated: 2016-05-30 Summary Sensitive Data in URL GET Query Parameters Description Because user SQL queries are part of the URL, sensitive information made as part of a user query can be exposed by clicking on external links to attacke...

Self XSS

PMASA-2016-16 Announcement-ID: PMASA-2016-16 Date: 2016-05-25 Updated: 2016-05-26 Summary Self XSS Description A specially crafted attack could allow for special HTML characters to be passed as URL encoded values and displayed back as special characters in the page. Updated to include CVE ID...

Debian DLA-481-2 : phpmyadmin regression update

The previous security upload broke the search pages in phpMyAdmin. This was caused by a broken patch applied to fix CVE-2016-2040. For Debian 7 'Wheezy', these problems have been fixed in version 4:3.4.11.1-2+deb7u4. NOTE: Tenable Network Security has extracted the preceding description block...