4627 matches found
Fedora Update for phpMyAdmin FEDORA-2014-10981
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
XSS vulnerabilities in table search and table structure pages.
PMASA-2014-11 Announcement-ID: PMASA-2014-11 Date: 2014-10-01 Summary XSS vulnerabilities in table search and table structure pages. Description With a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages. Severity We consider this vulnerability to be non...
phpMyAdmin -- XSS vulnerabilities
The phpMyAdmin development team reports: With a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from...
Glype 1.4.9 - Local Address Filter Bypass
No description provided by source. ------------------------------------------------------------------------ Glype proxy local address filter bypass ------------------------------------------------------------------------ Securify, September 2014...
Several vulnerabilities in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" phpmyadmin is susceptible to Cross-Site Scripting and Cross-Site Request Forgery. Release Date: September 26, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: versi...
Fedora 19 : phpMyAdmin-4.2.8.1-2.fc19 (2014-10989)
phpMyAdmin 4.2.8.1 2014-09-13 =============================== - security DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...
[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.8.1-2.fc20
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...
[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.8.1-2.fc19
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...
Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:183)
Updated phpmyadmin package fixes security vulnerability : In phpMyAdmin before 4.2.9, by deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history feature...
[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.8.1-2.fc21
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...
Fedora 21 : phpMyAdmin-4.2.8.1-2.fc21 (2014-10885)
phpMyAdmin 4.2.8.1 2014-09-13 =============================== - security DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...
openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1150-1)
phpMyAdmin was updated to 4.1.14.4 2014-09-13 fixing bugs and security issues. - PMASA-2014-10 CVE-2014-6300, CWE-661 CWE-352 http://www.phpmyadmin.net/homepage/security/PMASA-2014- 10.php A DOM based XSS was fixed that resulted to a CSRF that creates a ROOT account in certain conditions...
Updated phpmyadmin package fix CVE-2014-6300
Updated phpmyadmin package fixes security vulnerability: In phpMyAdmin before 4.1.14.4, by deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history featu...
PhpMyAdmin SERVER Superglobal Remote Variable Manipulation
A remote variable manipulation vulnerability has been reported in PhpMyAdmin. The vulnerability is due to insufficient validation of request parameters. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in...
PhpMyAdmin REQUEST Superglobal Remote Variable Manipulation
A remote variable manipulation vulnerability has been reported in PhpMyAdmin. The vulnerability is due to insufficient validation of request parameters. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in...
phpMyAdmin 4.0.x < 4.0.10.3 / 4.1.x < 4.1.14.4 / 4.2.x < 4.2.8.1 Micro History XSS and XSRF Vulnerabilities (PMASA-2014-10)
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.3, 4.1.x prior to 4.1.14.4, or 4.2.x prior to 4.2.8.1. It is, therefore, affected by an input-validation error related to the 'micro history' feature that could allow...
FreeBSD : phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature (cc627e6c-3b89-11e4-b629-6805ca0b3d42)
The phpMyAdmin development team reports : XSRF/CSRF due to DOM based XSS in the micro history feature. By deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micr...
PhpMyAdmin GLOBALS Superglobal Remote Variable Manipulation
A remote variable manipulation vulnerability has been reported in PhpMyAdmin. The vulnerability is due to insufficient validation of request parameters. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in...
PhpMyAdmin ENV Superglobal Remote Variable Manipulation (CVE-2010-3065)
A remote variable manipulation vulnerability has been reported in PhpMyAdmin. The vulnerability is due to insufficient validation of request parameters. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in...
XSRF/CSRF due to DOM based XSS in the micro history feature
PMASA-2014-10 Announcement-ID: PMASA-2014-10 Date: 2014-09-13 Summary XSRF/CSRF due to DOM based XSS in the micro history feature Description By deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a...