openSUSE Security Update : phpMyAdmin 4.4.15.4 (openSUSE-2016-168)

Security update to phpMyAdmin 4.4.15.4 The followinng vulnerabilities were fixed: boo964024 - CVE-2016-2038: Multiple full path disclosure vulnerabilities - CVE-2016-2039: Unsafe generation of XSRF/CSRF token - CVE-2016-2040: Multiple XSS vulnerabilities - CVE-2016-1927: Insecure password...

openSUSE Security Update : phpMyAdmin (openSUSE-2016-151)

This update to phpMyAdmin 4.4.15.4 fixes the following issues boo964024 - CVE-2016-2038: Multiple full path disclosure vulnerabilities - CVE-2016-2039: Unsafe generation of XSRF/CSRF token - CVE-2016-2040: Multiple XSS vulnerabilities - CVE-2016-1927: Insecure password generation in JavaScript -...

Mageia: Security Advisory (MGASA-2016-0051)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

phpMyAdmin security bypass vulnerability (CNVD-2016-00893)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A security vulnerability exists in phpMyAdmin that allows remote attackers to exploit a vulnerability to submit special requests to bypass XSRF/CSRF token parameter restrictions...

phpMyAdmin cross-site scripting vulnerability (CNVD-2016-00891)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A cross-site scripting vulnerability exists in phpMyAdmin, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensitive...

phpMyAdmin Information Disclosure Vulnerability (CNVD-2016-00892)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A security vulnerability exists in phpMyAdmin that allows remote attackers to exploit the vulnerability to submit special requests to obtain sensitive information...

Updated phpmyadmin/phpseclib packages fix security vulnerability

Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers CVE-2016-1927. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full pa...

MGASA-2016-0051 Updated phpmyadmin/phpseclib packages fix security vulnerability

Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers CVE-2016-1927. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full pa...

[SECURITY] Fedora 23 Update: phpMyAdmin-4.5.4.1-1.fc23

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

phpMyAdmin Information Disclosure Vulnerability

phpMyAdmin is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

[SECURITY] Fedora 22 Update: phpMyAdmin-4.5.4-1.fc22

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

Debian DLA-406-1 : phpmyadmin security update

Several flaws were discovered in the CSRF authentication code of phpMyAdmin. CVE-2016-2039 The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values. CVE-2016-2041 The comparison of the XSRF/CSRF token parameter with the value saved ...

[SECURITY] [DLA 406-1] phpmyadmin security update

Package : phpmyadmin Version : 4:3.3.7-11 CVE ID : CVE-2016-2039 CVE-2016-2041 Several flaws were discovered in the CSRF authentication code of phpMyAdmin. CVE-2016-2039 The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values...

phpMyAdmin SQL Parsing Directory Traversal Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A directory traversal vulnerability in the phpMyAdmin SQL parser allows attackers to obtain a PHP error message containing the full path by calling a specially crafted script...

phpMyAdmin SQL Editor Cross Site Scripting Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A cross-site scripting vulnerability exists in the phpMyAdmin SQL parser, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain...

phpMyAdmin Password Guessing Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A security vulnerability exists in phpMyAdmin where the phpMyAdmin 'Math.random' function fails to provide encrypted random numbers, allowing remote attackers to exploit the vulnerability to guess...

DLA-406-1 phpmyadmin - security update

Bulletin has no description...

phpMyAdmin Directory Traversal Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A directory traversal vulnerability exists in phpMyAdmin due to the program failing to properly invoke scripts, allowing remote attackers to exploit the vulnerability by submitting a special directory...

phpMyAdmin Security Restriction Bypass Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A security vulnerability exists in phpMyAdmin due to a failure of the program to properly generate XSRF/CSRF tokens, which allows remote attackers to exploit the vulnerability by submitting special...

phpMyAdmin cross-site scripting vulnerability (CNVD-2016-00797)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A cross-site scripting vulnerability exists in phpMyAdmin, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensitive...