4627 matches found

F5 Networks
added 2016/02/29 12:0 a.m. (37 views)

SOL93445609 - phpMyAdmin vulnerabilities

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 7.5, AI score 2.6, EPSS 0.01204
Exploits: 0, References: 4

FreeBSD
added 2016/02/29 12:0 a.m. (29 views)

phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability

The phpMyAdmin development team reports: XSS vulnerability in SQL parser. Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. We consider this vulnerability to be non-critical. Multiple XSS vulnerabilities. By sending a specially crafted URL as part of t...

CVSS 6.8, AI score 1.4, EPSS 0.0134
Exploits: 0, References: 4

Tenable Nessus
added 2016/02/26 12:0 a.m. (85 views)

phpMyAdmin 4.4.x < 4.4.15.3 / 4.5.x < 4.5.4 Multiple Vulnerabilities (PMASA-2016-6, PMASA-2016-7)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.4.x prior to 4.4.15.3 or 4.5.x prior to 4.5.4. It is, therefore, affected by the following vulnerabilities : - An information disclosure vulnerability exists in the AES.php and...

CVSS 5.4, AI score 6.6, EPSS 0.00577
Exploits: 0, References: 4

Tenable Nessus
added 2016/02/26 12:0 a.m. (34 views)

phpMyAdmin 4.0.x < 4.0.10.13 / 4.4.x < 4.4.15.3 / 4.5.x < 4.5.4 Multiple Vulnerabilities (PMASA-2016-1 - PMASA-2016-5)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.13, 4.4.x prior to 4.4.15.3, or 4.5.x prior to 4.5.4. It is, therefore, affected by the following vulnerabilities : - A security bypass vulnerability exists due to th...

CVSS 7.5, AI score 6.9, EPSS 0.01204
Exploits: 0, References: 10

Tenable Nessus
added 2016/02/25 12:0 a.m. (9 views)

phpMyAdmin Detection

Binary data 9102.prm...

AI score 7.3
Exploits: 0, References: 1

Tenable Nessus
added 2016/02/25 12:0 a.m. (22 views)

phpMyAdmin 4.0.x < 4.0.10.9 / 4.2.x < 4.2.13.2 / 4.3.x < 4.3.11.1 Information Disclosure Vulnerability (PMASA-2015-1)

Binary data 9103.prm...

CVSS 5, AI score 7.3, EPSS 0.00916
Exploits: 0, References: 5

Tenable Nessus
added 2016/02/25 12:0 a.m. (35 views)

phpMyAdmin 4.0.x < 4.0.10.10 / 4.2.x < 4.2.13.3 / 4.3.x < 4.3.13.1 / 4.4.x < 4.4.6.1 Multiple Vulnerabilities (PMASA-2015-2, PMASA-2015-3)

Binary data 9104.prm...

CVSS 6.8, AI score 6.7, EPSS 0.01171
Exploits: 1, References: 12

Tenable Nessus
added 2016/02/25 12:0 a.m. (36 views)

phpMyAdmin 4.3.x < 4.3.13.2 / 4.4.x < 4.4.14.1 reCaptcha Bypass (PMASA-2015-4)

Binary data 9105.prm...

CVSS 5, AI score 7.3, EPSS 0.21219
Exploits: 2, References: 4

phpMyAdmin
added 2016/02/25 12:0 a.m. (36 views)

Multiple XSS vulnerabilities.

PMASA-2016-12. Announcement-ID: PMASA-2016-12. Date: 2016-02-25. Summary: Multiple XSS vulnerabilities. Description: With a crafted table/column name it is possible to trigger an XSS attack in the database normalization page. With a crafted parameter it is possible to trigger an XSS attack in the...

CVSS 5.4, AI score 6.5, EPSS 0.00532
Exploits: 0, Affected Software: 1

phpMyAdmin
added 2016/02/25 12:0 a.m. (36 views)

XSS vulnerability in SQL parser.

PMASA-2016-10. Announcement-ID: PMASA-2016-10. Date: 2016-02-25. Summary: XSS vulnerability in SQL parser. Description: Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. Severity: We consider this vulnerability to be non-critical. Mitigation factor: This...

CVSS 5.4, AI score 6.6, EPSS 0.00269
Exploits: 0, Affected Software: 1

phpMyAdmin
added 2016/02/25 12:0 a.m. (35 views)

Vulnerability allowing man-in-the-middle attack on API call to GitHub.

PMASA-2016-13. Announcement-ID: PMASA-2016-13. Date: 2016-02-25. Summary: Vulnerability allowing man-in-the-middle attack on API call to GitHub. Description: A vulnerability in the API call to GitHub can be exploited to perform a man-in-the-middle attack. Severity: We consider this vulnerability to be...

CVSS 6.8, AI score 6.7, EPSS 0.0023
Exploits: 0, Affected Software: 1

phpMyAdmin
added 2016/02/25 12:0 a.m. (34 views)

Multiple XSS vulnerabilities.

PMASA-2016-11. Announcement-ID: PMASA-2016-11. Date: 2016-02-25. Summary: Multiple XSS vulnerabilities. Description: By sending a specially crafted URL as part of the HOST header, it is possible to trigger an XSS attack. A weakness was found that allows an XSS attack with Internet Explorer versions...

CVSS 6.1, AI score 6.7, EPSS 0.0134
Exploits: 0, Affected Software: 1

OpenVAS
added 2016/02/23 12:0 a.m. (36 views)

phpMyAdmin Multiple Vulnerabilities -01 (Feb 2016)

phpMyAdmin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...

CVSS 7.5, AI score 6.5, EPSS 0.01204
Exploits: 0, References: 10

OpenVAS
added 2016/02/23 12:0 a.m. (25 views)

phpMyAdmin Multiple Vulnerabilities -03 (Feb 2016)

phpMyAdmin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...

CVSS 5.4, AI score 6.7, EPSS 0.00577
Exploits: 0, References: 4

OSV
added 2016/02/20 1:59 a.m. (7 views)

CVE-2016-2045

Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response...

CVSS 5.4, AI score 6.5
Exploits: 0, References: 5

NVD
added 2016/02/20 1:59 a.m. (17 views)

CVE-2016-2043

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page...

CVSS 5.4, AI score 5.3, EPSS 0.00394
Exploits: 0, References: 6

NVD
added 2016/02/20 1:59 a.m. (17 views)

CVE-2016-2042

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...

CVSS 5.3, AI score 5.3, EPSS 0.00577
Exploits: 0, References: 6

OSV
added 2016/02/20 1:59 a.m. (1 views)

DEBIAN-CVE-2016-2042

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...

CVSS 5.3, AI score 9.1, EPSS 0.00577
Exploits: 0, References: 1

NVD
added 2016/02/20 1:59 a.m. (11 views)

CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...

CVSS 7.5, AI score 7.4, EPSS 0.01029
Exploits: 0, References: 7

NVD
added 2016/02/20 1:59 a.m. (21 views)

CVE-2016-2040

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...

CVSS 5.4, AI score 5.9, EPSS 0.00493
Exploits: 0, References: 9