oval:org.secpod.oval:def:1801276
CVE-2018-19968: Local file inclusion through transformation feature. A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any da ...

oval:org.secpod.oval:def:1800040
CVE-2017-1000499: By deceiving a user into clicking on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc. Affected Versions: Versions 4.7.x are affected.

oval:org.secpod.oval:def:1800919
CVE-2016-6606: Weakness with cookie encryption. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch. CVE-2016-6607: Multiple XSS vulnerabilities. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are ...

oval:org.secpod.oval:def:107286
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:107288
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:107432
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:107373
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:107662
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:107725
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:107974
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:107979
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:108188
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:108044
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:108220
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:108067
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:602256
Several issues have been fixed in phpMyAdmin, the web administration tool for MySQL. CVE-2014-8958 Multiple cross-site scripting vulnerabilities. CVE-2014-9218 Denial of service via a long password. CVE-2015-2206 Risk of BREACH attack due to reflected parameter. CVE-2015-3902 XSRF/CSRF vulnerabi ...

oval:org.secpod.oval:def:108494
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:108496
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:601714
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4995 Authenticated users could inject arbitrary web script or HTML via a crafted SQL query. CVE-2013-4996 C ...

oval:org.secpod.oval:def:1801355
CVE-2019-6798: SQL injection in Designer feature. Affected Versions: phpMyAdmin versions from 4.5.0 through 4.8.4 are affected. Fixed In Version: phpMyAdmin 4.8.5

oval:org.secpod.oval:def:2000690
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. ...

oval:org.secpod.oval:def:2000159
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.

oval:org.secpod.oval:def:1901350
Cross-site scripting vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

oval:org.secpod.oval:def:2000474
Cross-site scripting vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

oval:org.secpod.oval:def:115908
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:115903
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:116760
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:116752
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface, while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:1900002
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP config ...

oval:org.secpod.oval:def:2001050
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configu ...

oval:org.secpod.oval:def:1900669
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness

oval:org.secpod.oval:def:1900745
XSS issues were discovered in phpMyAdmin. This affects Zoom search; GIS editor; Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is r ...

oval:org.secpod.oval:def:1900707
An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.

oval:org.secpod.oval:def:602565
Several vulnerabilities have been fixed in phpMyAdmin, the web-based MySQL administration interface. CVE-2016-1927 The suggestPassword function relied on a non-secure random number generator which makes it easier for remote attackers to guess generated passwords via a brute-force approach. CVE-2016- ...

oval:org.secpod.oval:def:1900845
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters

oval:org.secpod.oval:def:1900851
An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected.

oval:org.secpod.oval:def:1900933
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality

oval:org.secpod.oval:def:1901259
phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server

oval:org.secpod.oval:def:1901366
An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg["Servers"][$i]["AllowNoPassword"] = false are bypassed under certain PHP versions. This can allow the login of users who have no password set ...

oval:org.secpod.oval:def:1901502
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name

oval:org.secpod.oval:def:1800591
CVE-2016-6606: Weakness with cookie encryption. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch. CVE-2016-6607: Multiple XSS vulnerabilities. All 4.6.x versions, 4.4.x versions, and 4.0.x versions ar ...

oval:org.secpod.oval:def:1902053
An issue was discovered in phpMyAdmin before 4.8.6. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.

oval:org.secpod.oval:def:1902052
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can ...

CVE    47
CVE-2016-1927
CVE-2016-2038
CVE-2016-2039
CVE-2016-2040
...
*CPE
cpe:/a:phpmyadmin:phpmyadmin:4.0.0:rc2

© SecPod Technologies