Insecure password generation in JavaScript.

PMASA-2016-4 Announcement-ID: PMASA-2016-4 Date: 2016-01-24 Summary Insecure password generation in JavaScript. Description Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers. Severity We consider this vulnerability to be non-critical...

XSS vulnerability in SQL editor.

PMASA-2016-9 Announcement-ID: PMASA-2016-9 Date: 2016-01-24 Summary XSS vulnerability in SQL editor. Description With a crafted SQL query, it is possible to trigger an XSS attack in the SQL editor. Severity We consider this vulnerability to be non-critical. Mitigation factor This vulnerability ca...

Multiple full path disclosure vulnerabilities.

PMASA-2016-6 Announcement-ID: PMASA-2016-6 Date: 2016-01-24 Summary Multiple full path disclosure vulnerabilities. Description By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path...

Multiple XSS vulnerabilities.

PMASA-2016-3 Announcement-ID: PMASA-2016-3 Date: 2016-01-24 Summary Multiple XSS vulnerabilities. Description With a crafted table name it is possible to trigger an XSS attack in the database search page. With a crafted SET value or a crafted search query, it is possible to trigger an XSS attacks...

Unsafe generation of XSRF/CSRF token.

PMASA-2016-2 Announcement-ID: PMASA-2016-2 Date: 2016-01-24 Summary Unsafe generation of XSRF/CSRF token. Description The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values. Severity We consider this vulnerability to be...

Full path disclosure vulnerability in SQL parser.

PMASA-2016-8 Announcement-ID: PMASA-2016-8 Date: 2016-01-24 Summary Full path disclosure vulnerability in SQL parser. Description By calling a particular script that is part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the...

phpMyAdmin 'libraries/select_lang.lib.php' Information Disclosure Vulnerability (PMASA-2015-1)

phpMyAdmin is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE =...

Mageia: Security Advisory (MGASA-2016-0002)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2016-0002 Updated phpmyadmin packages fix security vulnerability

By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed CVE-2015-8669...

Updated phpmyadmin packages fix security vulnerability

By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed CVE-2015-8669...

phpMyAdmin libraries/config/messages.inc.php信息泄露漏洞

No description provided by source...

[SECURITY] Fedora 22 Update: phpMyAdmin-4.5.3.1-1.fc22

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

[SECURITY] Fedora 23 Update: phpMyAdmin-4.5.3.1-1.fc23

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

Fedora Update for phpMyAdmin FEDORA-2015-345966871

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

phpMyAdmin libraries/config/messages.inc.php information disclosure vulnerability

phpmyadmin is an online management tool for MySQL databases. A security vulnerability exists in libraries/config/messages.inc.php in phpMyAdmin versions 4.0.x-4.0.10.12, 4.4.x-4.4.15.2, 4.5.x-4.5.3.1. A remote attacker can exploit this vulnerability to obtain sensitive information...

FreeBSD : phpMyAdmin -- path disclosure vulnerability (88f75070-abcf-11e5-83d3-6805ca0b3d42)

The phpMyAdmin development team reports : By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to...

CVE-2015-8669

libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

DEBIAN-CVE-2015-8669

libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

CVE-2015-8669

libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

Design/Logic Flaw

libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...