FreeBSD : phpmyadmin -- XSS vulnerability in normalization page (7694927f-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports: With a crafted table name it is possible to trigger an XSS attack in the database normalization page. We consider this vulnerability to be non-critical. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token...
FreeBSD : phpmyadmin -- Full path disclosure vulnerability in SQL parser (78b4ebfb-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports: By calling a particular script that is part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider this vulnerability...
FreeBSD : phpmyadmin -- Unsafe generation of XSRF/CSRF token (60ab0e93-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports: The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values. We consider this vulnerability to be non-critical.
FreeBSD : phpmyadmin -- Multiple full path disclosure vulnerabilities (740badcb-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports: By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to...
FreeBSD : phpmyadmin -- Multiple full path disclosure vulnerabilities (5d6a204f-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports: By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to...
FreeBSD : phpmyadmin -- Multiple XSS vulnerabilities (6cc06eec-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports: - With a crafted table name it is possible to trigger an XSS attack in the database search page. - With a crafted SET value or a crafted search query, it is possible to trigger an XSS attack in the zoom search page. - With a crafted hostname header, it i...
FreeBSD : phpmyadmin -- XSS vulnerability in SQL editor (7a59e283-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports: With a crafted SQL query, it is possible to trigger an XSS attack in the SQL editor. We consider this vulnerability to be non-critical. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection...
FreeBSD : phpmyadmin -- Unsafe comparison of XSRF/CSRF token (71b24d99-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports: The comparison of the XSRF/CSRF token parameter with the value saved in the session is vulnerable to timing attacks. Moreover, the comparison could be bypassed if the XSRF/CSRF token matches a particular pattern. We consider this vulnerability to be...
FreeBSD : phpmyadmin -- Insecure password generation in JavaScript (6f0c2d1b-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports: Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers. We consider this vulnerability to be non-critical.
phpmyadmin -- Unsafe comparison of XSRF/CSRF token
The phpMyAdmin development team reports: The comparison of the XSRF/CSRF token parameter with the value saved in the session is vulnerable to timing attacks. Moreover, the comparison could be bypassed if the XSRF/CSRF token matches a particular pattern. We consider this vulnerability to be seriou...
phpmyadmin -- Multiple XSS vulnerabilities
The phpMyAdmin development team reports: With a crafted table name it is possible to trigger an XSS attack in the database search page. With a crafted SET value or a crafted search query, it is possible to trigger an XSS attack in the zoom search page. With a crafted hostname header, it is...
phpmyadmin -- Unsafe generation of XSRF/CSRF token
The phpMyAdmin development team reports: The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values. We consider this vulnerability to be non-critical...
phpmyadmin -- XSS vulnerability in SQL editor
The phpMyAdmin development team reports: With a crafted SQL query, it is possible to trigger an XSS attack in the SQL editor. We consider this vulnerability to be non-critical. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection preven...
phpmyadmin -- XSS vulnerability in normalization page
The phpMyAdmin development team reports: With a crafted table name it is possible to trigger an XSS attack in the database normalization page. We consider this vulnerability to be non-critical. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token...
phpmyadmin -- Insecure password generation in JavaScript
The phpMyAdmin development team reports: Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers. We consider this vulnerability to be non-critical...
phpmyadmin -- Full path disclosure vulnerability in SQL parser
The phpMyAdmin development team reports: By calling a particular script that is part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider this vulnerability ...
phpmyadmin -- Multiple full path disclosure vulnerabilities
The phpMyAdmin development team reports: By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to ...
phpmyadmin -- Multiple full path disclosure vulnerabilities
The phpMyAdmin development team reports: By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to ...
openSUSE Security Update : phpMyAdmin (openSUSE-2016-13)
phpMyAdmin was updated to 4.4.15.2 to fix one security issue and one non-security bug. The following vulnerability was fixed: - CVE-2015-8669: It was possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed boo96028...
XSS vulnerability in normalization page.
PMASA-2016-7. Announcement-ID: PMASA-2016-7. Date: 2016-01-24. Summary: XSS vulnerability in normalization page. Description: With a crafted table name it is possible to trigger an XSS attack in the database normalization page. Severity: We consider this vulnerability to be non-critical. Mitigation...