24 matches found
Debian: Security Advisory (DLA-336-1)
The remote host is missing an update for the Debian...
Mageia: Security Advisory (MGASA-2017-0471)
The remote host is missing an update for the...
Various Jira Server setup resources are vulnerable to XSRF/CSRF - CVE-2019-20401
Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities. Once a Jira instance is set up i.e. database, admin account, licence, etc. form ar...
openSUSE Security Update : phpMyAdmin (openSUSE-2019-1009)
This update for phpMyAdmin fixes security issues and bugs. Security issues addressed in the 4.8.4 release bsc1119245 : - CVE-2018-19968: Local file inclusion through transformation feature - CVE-2018-19969: XSRF/CSRF vulnerability - CVE-2018-19970: XSS vulnerability in navigation tree This update...
Fedora 28 : phpMyAdmin (2018-5aeca60933)
Upstream announcement: The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.4. Among other bug fixes, this contains several important security fixes. The security fixes involve: - Local file inclusion (https://www.phpmyadmin.net/security/PMASA-2018-6/), - XSRF/CSRF...
Security update for phpMyAdmin (moderate)
This update for phpMyAdmin fixes security issues and bugs. Security issues addressed in the 4.8.4 release bsc1119245: - CVE-2018-19968: Local file inclusion through transformation feature - CVE-2018-19969: XSRF/CSRF vulnerability - CVE-2018-19970: XSS vulnerability in navigation tree This update...
phpMyAdmin -- multiple vulnerabilities
The phpMyAdmin development team reports: Summary Local file inclusion through transformation feature Description A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration Storage tables,...
Fedora 26 : phpMyAdmin (2017-481515e199)
Upstream announcement : Welcome to phpMyAdmin 4.7.7, a regular maintenance release containing bug fixes and a security fix. The security vulnerability is a XSRF/CSRF flaw; you can read more at https://www.phpmyadmin.net/security/PMASA-2017-9/ As a result of this, we recommend all users upgrade...
Updated phpmyadmin packages fix security vulnerability
Due to an XSRF/CSRF vulnerability in phpMyAdmin before 4.7.7, by deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc. (PMASA-2017-9). The phpmyadmin package has been updated to version 4.7.7 to fix...
FreeBSD : phpMyAdmin -- XSRF/CSRF vulnerability (63eb2b11-e802-11e7-a58c-6805ca0b3d42)
The phpMyAdmin team reports : Description By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc. Severity We consider this vulnerability to be critical...
openSUSE Security Update : phpMyAdmin (openSUSE-2016-151)
This update to phpMyAdmin 4.4.15.4 fixes the following issues boo964024 - CVE-2016-2038: Multiple full path disclosure vulnerabilities - CVE-2016-2039: Unsafe generation of XSRF/CSRF token - CVE-2016-2040: Multiple XSS vulnerabilities - CVE-2016-1927: Insecure password generation in JavaScript -...
FreeBSD : phpmyadmin -- Unsafe generation of XSRF/CSRF token (60ab0e93-c60b-11e5-bf36-6805ca0b3d42)
The phpMyAdmin development team reports : The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values. We consider this vulnerability to be non-critical...
phpmyadmin -- Unsafe comparison of XSRF/CSRF token
The phpMyAdmin development team reports: The comparison of the XSRF/CSRF token parameter with the value saved in the session is vulnerable to timing attacks. Moreover, the comparison could be bypassed if the XSRF/CSRF token matches a particular pattern. We consider this vulnerability to be seriou...
Unsafe generation of XSRF/CSRF token.
PMASA-2016-2 Announcement-ID: PMASA-2016-2 Date: 2016-01-24 Summary Unsafe generation of XSRF/CSRF token. Description The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values. Severity We consider this vulnerability to be...
Unsafe comparison of XSRF/CSRF token.
PMASA-2016-5 Announcement-ID: PMASA-2016-5 Date: 2016-01-24 Summary Unsafe comparison of XSRF/CSRF token. Description The comparison of the XSRF/CSRF token parameter with the value saved in the session is vulnerable to timing attacks. Moreover, the comparison could be bypassed if the XSRF/CSRF...
[SECURITY] [DLA 336-1] phpmyadmin security update
Package : phpmyadmin Version : 4:3.3.7-9 CVE ID : CVE-2014-8958 CVE-2014-9218 CVE-2015-2206 CVE-2015-3902 Several issues have been fixed in phpMyAdmin, the web administration tool for MySQL. CVE-2014-8958 Multiple cross-site scripting (XSS) vulnerabilities. CVE-2014-9218 Denial of service resource...
[SECURITY] [DSA 3382-1] phpmyadmin security update
Debian Security Advisory DSA-3382-1 https://www.debian.org/security/ Thijs Kinkhorst October 28, 2015 https://www.debian.org/security/faq...
Debian Security Advisory DSA 3382-1 (phpmyadmin - security update)
Several issues have been fixed in phpMyAdmin, the web administration tool for MySQL. CVE-2014-8958 (Wheezy only) Multiple cross-site scripting (XSS) vulnerabilities. CVE-2014-9218 (Wheezy only) Denial of service (resource consumption) via a long password. CVE-2015-2206 Risk of BREACH attack due to...
DLA-336-1 phpmyadmin - security update
Bulletin has no description...
XSRF/CSRF vulnerability in phpMyAdmin setup.
PMASA-2015-2 Announcement-ID: PMASA-2015-2 Date: 2015-05-13 Summary XSRF/CSRF vulnerability in phpMyAdmin setup. Description By deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup. Severity We consider this vulnerability...