FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- multiple vulnerabilities

Affected packages
4.6.0 <= phpmyadmin < 4.6.4

Details

VuXML ID ef70b201-645d-11e6-9cdc-6805ca0b3d42
Discovery 2016-08-17
Entry 2016-08-17

The phpmyadmin development team reports:

Weakness with cookie encryption

[source]

Multiple XSS vulnerabilities

[source]

Multiple XSS vulnerabilities

[source]

PHP code injection

[source]

Full path disclosure

[source]

SQL injection attack

[source]

Local file exposure

[source]

Local file exposure through symlinks with UploadDir

[source]

Path traversal with SaveDir and UploadDir

[source]

Multiple XSS vulnerabilities

[source]

SQL injection attack

[source]

SQL injection attack

[source]

Denial of service (DOS) attack in transformation feature

[source]

SQL injection attack as control user

[source]

Unvalidated data passed to unserialize()

[source]

DOS attack with forced persistent connections

[source]

Denial of service (DOS) attack by for loops

[source]

IPv6 and proxy server IP-based authentication rule circumvention

[source]

Detect if user is logged in

[source]

Bypass URL redirect protection

[source]

Referrer leak in url.php

[source]

Reflected File Download attack

[source]

ArbitraryServerRegexp bypass

[source]

Denial of service (DOS) attack by changing password to a very long string

[source]

Remote code execution vulnerability when run as CGI

[source]
Summary

Denial of service (DOS) attack with dbase extension

[source]

Remote code execution vulnerability when PHP is running with dbase extension

[source]

References

CVE Name CVE-2016-6606
CVE Name CVE-2016-6607
CVE Name CVE-2016-6608
CVE Name CVE-2016-6609
CVE Name CVE-2016-6610
CVE Name CVE-2016-6611
CVE Name CVE-2016-6612
CVE Name CVE-2016-6613
CVE Name CVE-2016-6614
CVE Name CVE-2016-6615
CVE Name CVE-2016-6616
CVE Name CVE-2016-6617
CVE Name CVE-2016-6618
CVE Name CVE-2016-6619
CVE Name CVE-2016-6620
CVE Name CVE-2016-6622
CVE Name CVE-2016-6623
CVE Name CVE-2016-6624
CVE Name CVE-2016-6625
CVE Name CVE-2016-6626
CVE Name CVE-2016-6627
CVE Name CVE-2016-6628
CVE Name CVE-2016-6629
CVE Name CVE-2016-6630
CVE Name CVE-2016-6631
CVE Name CVE-2016-6632
CVE Name CVE-2016-6633
URL https://www.phpmyadmin.net/security/PMASA-2016-29/
URL https://www.phpmyadmin.net/security/PMASA-2016-30/
URL https://www.phpmyadmin.net/security/PMASA-2016-31/
URL https://www.phpmyadmin.net/security/PMASA-2016-32/
URL https://www.phpmyadmin.net/security/PMASA-2016-33/
URL https://www.phpmyadmin.net/security/PMASA-2016-34/
URL https://www.phpmyadmin.net/security/PMASA-2016-35/
URL https://www.phpmyadmin.net/security/PMASA-2016-36/
URL https://www.phpmyadmin.net/security/PMASA-2016-37/
URL https://www.phpmyadmin.net/security/PMASA-2016-38/
URL https://www.phpmyadmin.net/security/PMASA-2016-39/
URL https://www.phpmyadmin.net/security/PMASA-2016-40/
URL https://www.phpmyadmin.net/security/PMASA-2016-41/
URL https://www.phpmyadmin.net/security/PMASA-2016-42/
URL https://www.phpmyadmin.net/security/PMASA-2016-43/
URL https://www.phpmyadmin.net/security/PMASA-2016-45/
URL https://www.phpmyadmin.net/security/PMASA-2016-46/
URL https://www.phpmyadmin.net/security/PMASA-2016-47/
URL https://www.phpmyadmin.net/security/PMASA-2016-48/
URL https://www.phpmyadmin.net/security/PMASA-2016-49/
URL https://www.phpmyadmin.net/security/PMASA-2016-50/
URL https://www.phpmyadmin.net/security/PMASA-2016-51/
URL https://www.phpmyadmin.net/security/PMASA-2016-52/
URL https://www.phpmyadmin.net/security/PMASA-2016-53/
URL https://www.phpmyadmin.net/security/PMASA-2016-54/
URL https://www.phpmyadmin.net/security/PMASA-2016-55/
URL https://www.phpmyadmin.net/security/PMASA-2016-56/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.