Referrer leak in transformations
PMASA-2016-28 Announcement-ID: PMASA-2016-28 Date: 2016-06-23 Summary Referrer leak in transformations Description A vulnerability was reported where a specially crafted Transformation could be used to leak information including the authentication token. This could be used to direct a CSRF attack...
Multiple full path disclosure vulnerabilities
PMASA-2016-23 Announcement-ID: PMASA-2016-23 Date: 2016-06-23 Summary Multiple full path disclosure vulnerabilities Description This PMASA contains information on multiple full-path disclosure vulnerabilities reported in phpMyAdmin. By specially crafting requests in the following areas, it is...
SQL injection attack
PMASA-2016-19 Announcement-ID: PMASA-2016-19 Date: 2016-06-23 Summary SQL injection attack Description A vulnerability was discovered that allows an SQL injection attack to run arbitrary commands as the control user. Severity We consider this vulnerability to be serious Mitigation factor This...
phpMyAdmin -- multiple vulnerabilities
Please reference CVE/URL list for details...
BBCode injection vulnerability
PMASA-2016-17 Announcement-ID: PMASA-2016-17 Date: 2016-06-23 Summary BBCode injection vulnerability Description A vulnerability was discovered that allows a BBCode injection to setup script in case it's not accessed on https. Severity We consider this to be non-critical. Mitigation factor Alway...
XSS through FPD
PMASA-2016-24 Announcement-ID: PMASA-2016-24 Date: 2016-06-23 Summary XSS through FPD Description With a specially crafted request, it is possible to trigger an XSS attack through the example OpenID authentication script. Severity We do not consider this vulnerability to be secure due to the...
XSS in partition range functionality
PMASA-2016-25 Announcement-ID: PMASA-2016-25 Date: 2016-06-23 Summary XSS in partition range functionality Description A vulnerability was reported allowing specially crafted table parameters to cause an XSS attack through the table structure page. Severity We consider this vulnerability to be...
XSS on table structure page
PMASA-2016-20 Announcement-ID: PMASA-2016-20 Date: 2016-06-23 Summary XSS on table structure page Description An XSS vulnerability was discovered on the table structure page Severity We consider this to be a serious vulnerability Affected Versions All 4.6.x versions prior to 4.6.3 are affected...
DOS attack
PMASA-2016-22 Announcement-ID: PMASA-2016-22 Date: 2016-06-23 Summary DOS attack Description A Denial Of Service (DOS) attack was discovered in the way phpMyAdmin loads some JavaScript files. Severity We consider this to be of moderate severity Affected Versions All 4.6.x versions prior to 4.6.3,...
Multiple XSS vulnerabilities
PMASA-2016-26 Announcement-ID: PMASA-2016-26 Date: 2016-06-23 Summary Multiple XSS vulnerabilities Description A vulnerability was reported allowing a specially crafted table name to cause an XSS attack through the functionality to check database privileges. This XSS doesn't exist in some...
Cookie attribute injection attack
PMASA-2016-18 Announcement-ID: PMASA-2016-18 Date: 2016-06-23 Summary Cookie attribute injection attack Description A vulnerability was found where, under some circumstances, an attacker can inject arbitrary values in the browser cookies. Severity We consider this to be non-critical. Mitigation...
Fedora Update for phpMyAdmin FEDORA-2016-e3240782ec
The remote host is missing an update for the... SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
[SECURITY] Fedora 24 Update: phpMyAdmin-4.6.2-1.fc24
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
phpMyAdmin 4.0.x < 4.0.10.15 / 4.4.x < 4.4.15.5 / 4.5.x < 4.5.5.1 Multiple XSS (PMASA-2016-11)
Binary data 9356.prm...
phpMyAdmin < 4.6.2 Information Disclosure (PMASA-2016-14)
Binary data 9358.prm...
phpMyAdmin 4.5.x < 4.5.5.1 Multiple Vulnerabilities (PMASA-2016-10, PMASA-2016-13)
Binary data 9355.prm...
phpMyAdmin 4.4.x < 4.4.15.5 / 4.5.x < 4.5.5.1 Multiple XSS (PMASA-2016-12)
Binary data 9357.prm...
openSUSE Security Update : phpMyAdmin (openSUSE-2016-712)
This phpMyAdmin update to version 4.4.15.6 fixes the following issues:
Security issues fixed:
- PMASA-2016-16 CVE-2016-5099, CWE-661: Self XSS, see https://www.phpmyadmin.net/security/PMASA-2016-16/
- PMASA-2016-15 CVE-2016-5098, CWE-661: File Traversal Protection Bypass on Error Reporting, see...
Fedora Update for phpMyAdmin FEDORA-2016-cd05bd994a
The remote host is missing an update for the...
Fedora Update for phpMyAdmin FEDORA-2016-55261b6815
The remote host is missing an update for the...