4627 matches found
phpMyAdmin SQL Editor Cross Site Scripting Vulnerability
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A cross-site scripting vulnerability exists in the phpMyAdmin SQL parser, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain...
DLA-406-1 phpmyadmin - security update
Bulletin has no description...
FreeBSD : phpmyadmin -- XSS vulnerability in normalization page (7694927f-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports : With a crafted table name it is possible to trigger an XSS attack in the database normalization page. We consider this vulnerability to be non-critical. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token...
FreeBSD : phpmyadmin -- Multiple XSS vulnerabilities (6cc06eec-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports : - With a crafted table name it is possible to trigger an XSS attack in the database search page. - With a crafted SET value or a crafted search query, it is possible to trigger an XSS attacks in the zoom search page. - With a crafted hostname header, it i...
FreeBSD : phpmyadmin -- Multiple full path disclosure vulnerabilities (740badcb-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports : By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to...
FreeBSD : phpmyadmin -- Unsafe comparison of XSRF/CSRF token (71b24d99-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports : The comparison of the XSRF/CSRF token parameter with the value saved in the session is vulnerable to timing attacks. Moreover, the comparison could be bypassed if the XSRF/CSRF token matches a particular pattern. We consider this vulnerability to be...
FreeBSD : phpmyadmin -- XSS vulnerability in SQL editor (7a59e283-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports : With a crafted SQL query, it is possible to trigger an XSS attack in the SQL editor. We consider this vulnerability to be non-critical. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection...
FreeBSD : phpmyadmin -- Insecure password generation in JavaScript (6f0c2d1b-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports : Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers. We consider this vulnerability to be non-critical. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
FreeBSD : phpmyadmin -- Full path disclosure vulnerability in SQL parser (78b4ebfb-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports : By calling a particular script that is part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider this vulnerability...
FreeBSD : phpmyadmin -- Multiple full path disclosure vulnerabilities (5d6a204f-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports : By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to...
FreeBSD : phpmyadmin -- Unsafe generation of XSRF/CSRF token (60ab0e93-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports : The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values. We consider this vulnerability to be non-critical. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
phpmyadmin -- XSS vulnerability in SQL editor
The phpMyAdmin development team reports: With a crafted SQL query, it is possible to trigger an XSS attack in the SQL editor. We consider this vulnerability to be non-critical. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection preven...
phpmyadmin -- Full path disclosure vulnerability in SQL parser
The phpMyAdmin development team reports: By calling a particular script that is part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider this vulnerability ...
phpmyadmin -- XSS vulnerability in normalization page
The phpMyAdmin development team reports: With a crafted table name it is possible to trigger an XSS attack in the database normalization page. We consider this vulnerability to be non-critical. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token...
phpmyadmin -- Multiple full path disclosure vulnerabilities
The phpMyAdmin development team reports: By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to ...
phpmyadmin -- Unsafe comparison of XSRF/CSRF token
The phpMyAdmin development team reports: The comparison of the XSRF/CSRF token parameter with the value saved in the session is vulnerable to timing attacks. Moreover, the comparison could be bypassed if the XSRF/CSRF token matches a particular pattern. We consider this vulnerability to be seriou...
phpmyadmin -- Insecure password generation in JavaScript
The phpMyAdmin development team reports: Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers. We consider this vulnerability to be non-critical...
phpmyadmin -- Multiple XSS vulnerabilities
The phpMyAdmin development team reports: With a crafted table name it is possible to trigger an XSS attack in the database search page. With a crafted SET value or a crafted search query, it is possible to trigger an XSS attacks in the zoom search page. With a crafted hostname header, it is...
phpmyadmin -- Unsafe generation of XSRF/CSRF token
The phpMyAdmin development team reports: The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values. We consider this vulnerability to be non-critical...
phpmyadmin -- Multiple full path disclosure vulnerabilities
The phpMyAdmin development team reports: By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to ...