-rw-r--r-- | security/vuxml/vuln.xml | 232 |
1 files changed, 232 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 9c418d69654b..681511bd8011 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -58,6 +58,238 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6fe72178-b2e3-11e6-8b2a-6805ca0b3d42"> + <topic>phpMyAdmin -- multiple vulnerabilities</topic> + <affects> + <package> + <name>phpMyAdmin</name> + <range><ge>4.6.0</ge><lt>4.6.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The phpMYAdmin development team reports:</p> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-57/"> + <h3>Summary</h3> + <p>Open redirection</p> + <h3>Description</h3> + <p>A vulnerability was discovered where a user can be + tricked in to following a link leading to phpMyAdmin, + which after authentication redirects to another + malicious site.</p> + <p>The attacker must sniff the user's valid phpMyAdmin + token.</p> + <h3>Severity</h3> + <p>We consider this vulnerability to be of moderate + severity.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-58/"> + <h3>Summary</h3> + <p>Unsafe generation of blowfish secret</p> + <h3>Description</h3> + <p>When the user does not specify a blowfish_secret key + for encrypting cookies, phpMyAdmin generates one at + runtime. 
A vulnerability was reported where the way this + value is created using a weak algorithm.</p> + <p>This could allow an attacker to determine the user's + blowfish_secret and potentially decrypt their + cookies.</p> + <h3>Severity</h3> + <p>We consider this vulnerability to be of moderate + severity.</p> + <h3>Mitigation factor</h3> + <p>This vulnerability only affects cookie + authentication and only when a user has not + defined a $cfg['blowfish_secret'] in + their config.inc.php</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-59/"> + <h3>Summary</h3> + <p>phpinfo information leak value of sensitive + (HttpOnly) cookies</p> + <h3>Description</h3> + <p>phpinfo (phpinfo.php) shows PHP information + including values of HttpOnly cookies.</p> + <h3>Severity</h3> + <p>We consider this vulnerability to be + non-critical.</p> + <h3>Mitigation factor</h3> + <p>phpinfo in disabled by default and needs + to be enabled explicitly.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-60/"> + <h3>Summary</h3> + <p>Username deny rules bypass (AllowRoot & Others) + by using Null Byte</p> + <h3>Description</h3> + <p>It is possible to bypass AllowRoot restriction + ($cfg['Servers'][$i]['AllowRoot']) and deny rules + for username by using Null Byte in the username.</p> + <h3>Severity</h3> + <p>We consider this vulnerability to be + severe.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-61/"> + <h3>Summary</h3> + <p>Username rule matching issues</p> + <h3>Description</h3> + <p>A vulnerability in username matching for the + allow/deny rules may result in wrong matches and + detection of the username in the rule due to + non-constant execution time.</p> + <h3>Severity</h3> + <p>We consider this vulnerability to be severe.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-62/"> + <h3>Summary</h3> + <p>Bypass logout timeout</p> + 
<h3>Description</h3> + <p>With a crafted request parameter value it is possible + to bypass the logout timeout.</p> + <h3>Severity</h3> + <p>We consider this vulnerability to be of moderate + severity.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-63/"> + <h3>Summary</h3> + <p>Multiple full path disclosure vulnerabilities</p> + <h3>Description</h3> + <p>By calling some scripts that are part of phpMyAdmin in an + unexpected way, it is possible to trigger phpMyAdmin to + display a PHP error message which contains the full path of + the directory where phpMyAdmin is installed. During an + execution timeout in the export functionality, the errors + containing the full path of the directory of phpMyAdmin is + written to the export file.</p> + <h3>Severity</h3> + <p>We consider these vulnerability to be + non-critical.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-64/"> + <h3>Summary</h3> + <p>Multiple XSS vulnerabilities</p> + <h3>Description</h3> + <p>Several XSS vulnerabilities have been reported, including + an improper fix for <a href="https://www.phpmyadmin.net/security/PMASA-2016-10/">PMASA-2016-10</a> and a weakness in a regular expression + using in some JavaScript processing.</p> + <h3>Severity</h3> + <p>We consider this vulnerability to be + non-critical.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-65/"> + <h3>Summary</h3> + <p>Multiple DOS vulnerabilities</p> + <h3>Description</h3> + <p>With a crafted request parameter value it is possible + to initiate a denial of service attack in saved searches + feature.</p> + <p>With a crafted request parameter value it is possible + to initiate a denial of service attack in import + feature.</p> + <p>An unauthenticated user can execute a denial of + service attack when phpMyAdmin is running with + <code>$cfg['AllowArbitraryServer']=true;</code>.</p> + <h3>Severity</h3> + <p>We consider these 
vulnerabilities to be of + moderate severity.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-66/"> + <h3>Summary</h3> + <p>Bypass white-list protection for URL redirection</p> + <h3>Description</h3> + <p>Due to the limitation in URL matching, it was + possible to bypass the URL white-list protection.</p> + <h3>Severity</h3> + <p>We consider this vulnerability to be of moderate + severity.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-67/"> + <h3>Summary</h3> + <p>BBCode injection vulnerability</p> + <h3>Description</h3> + <p>With a crafted login request it is possible to inject + BBCode in the login page.</p> + <h3>Severity</h3> + <p>We consider this vulnerability to be severe.</p> + <h3>Mitigation factor</h3> + <p>This exploit requires phpMyAdmin to be configured + with the "cookie" auth_type; other + authentication methods are not affected.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-68/"> + <h3>Summary</h3> + <p>DOS vulnerability in table partitioning</p> + <h3>Description</h3> + <p>With a very large request to table partitioning + function, it is possible to invoke a Denial of Service + (DOS) attack.</p> + <h3>Severity</h3> + <p>We consider this vulnerability to be of moderate + severity.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-69/"> + <h3>Summary</h3> + <p>Multiple SQL injection vulnerabilities</p> + <h3>Description</h3> + <p>With a crafted username or a table name, it was possible + to inject SQL statements in the tracking functionality that + would run with the privileges of the control user. 
This + gives read and write access to the tables of the + configuration storage database, and if the control user has + the necessary privileges, read access to some tables of the + mysql database.</p> + <h3>Severity</h3> + <p>We consider these vulnerabilities to be serious.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-70/"> + <h3>Summary</h3> + <p>Incorrect serialized string parsing</p> + <h3>Description</h3> + <p>Due to a bug in serialized string parsing, it was + possible to bypass the protection offered by + PMA_safeUnserialize() function.</p> + <h3>Severity</h3> + <p>We consider this vulnerability to be severe.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-71/"> + <h3>Summary</h3> + <p>CSRF token not stripped from the URL</p> + <h3>Description</h3> + <p>When the <code>arg_separator</code> is different from its + default value of <code>&</code>, the token was not + properly stripped from the return URL of the preference + import action.</p> + <h3>Severity</h3> + <p>We have not yet determined a severity for this issue.</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.phpmyadmin.net/security/PMASA-2016-57/</url> + <url>https://www.phpmyadmin.net/security/PMASA-2016-58/</url> + <url>https://www.phpmyadmin.net/security/PMASA-2016-59/</url> + <url>https://www.phpmyadmin.net/security/PMASA-2016-60/</url> + <url>https://www.phpmyadmin.net/security/PMASA-2016-61/</url> + <url>https://www.phpmyadmin.net/security/PMASA-2016-62/</url> + <url>https://www.phpmyadmin.net/security/PMASA-2016-63/</url> + <url>https://www.phpmyadmin.net/security/PMASA-2016-64/</url> + <url>https://www.phpmyadmin.net/security/PMASA-2016-65/</url> + <url>https://www.phpmyadmin.net/security/PMASA-2016-66/</url> + <url>https://www.phpmyadmin.net/security/PMASA-2016-67/</url> + <url>https://www.phpmyadmin.net/security/PMASA-2016-68/</url> + 
<url>https://www.phpmyadmin.net/security/PMASA-2016-69/</url> + <url>https://www.phpmyadmin.net/security/PMASA-2016-70/</url> + <url>https://www.phpmyadmin.net/security/PMASA-2016-71/</url> + <cvename>CVE-2016-6632</cvename> + <cvename>CVE-2016-6633</cvename> + <cvename>CVE-2016-4412</cvename> + </references> + <dates> + <discovery>2016-11-25</discovery> + <entry>2016-11-25</entry> + </dates> + </vuln> + <vuln vid="dc596a17-7a9e-11e6-b034-f0def167eeea"> <topic>Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662</topic> <affects> |
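Review bot: The bare `&` in the PMASA-2016-60 summary (`(AllowRoot & Others)`) and in the PMASA-2016-71 description (`<code>&</code>`) needs to be written as `&amp;` if it appears this way in vuln.xml itself; an unescaped ampersand leaves the document ill-formed, so the entry will not parse. In the `<references>` block, fifteen PMASA URLs are listed but only three `<cvename>` entries (CVE-2016-6632, CVE-2016-6633, CVE-2016-4412); please confirm each of them is actually assigned to one of PMASA-2016-57 through PMASA-2016-71 and drop any that belong to earlier advisories. Minor: the attribution line spells the project "phpMYAdmin" while the topic and package name use "phpMyAdmin".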