Test ID: | 1.3.6.1.4.1.25623.1.1.10.2016.0240 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2016-0240) |
Summary: | The remote host is missing an update for the 'phpmyadmin' package(s) announced via the MGASA-2016-0240 advisory. |
Description: |
Summary: The remote host is missing an update for the 'phpmyadmin' package(s) announced via the MGASA-2016-0240 advisory.

Vulnerability Insight:

In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows a BBCode injection to setup script in case it's not accessed on https (CVE-2016-5701).

In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows an SQL injection attack to run arbitrary commands as the control user (CVE-2016-5703).

In phpMyAdmin before 4.4.15.7, XSS vulnerabilities were discovered in the user privileges page, the error console, and the central columns, query bookmarks, and user groups features (CVE-2016-5705).

In phpMyAdmin before 4.4.15.7, a Denial Of Service (DOS) attack was discovered in the way phpMyAdmin loads some JavaScript files (CVE-2016-5706).

In phpMyAdmin before 4.4.15.7, by specially crafting requests in the following areas, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed (CVE-2016-5730).

In phpMyAdmin before 4.4.15.7, with a specially crafted request, it is possible to trigger an XSS attack through the example OpenID authentication script (CVE-2016-5731).

In phpMyAdmin before 4.4.15.7, XSS vulnerabilities were found through specially crafted databases, in AJAX error handling, and in the Transformation, Designer, charts, and zoom search features (CVE-2016-5733).

In phpMyAdmin before 4.4.15.7, a vulnerability was reported where a specially crafted Transformation could be used to leak information including the authentication token. This could be used to direct a CSRF attack against a user (CVE-2016-5739).

Affected Software/OS: 'phpmyadmin' package(s) on Mageia 5.

Solution: Please install the updated package(s).

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-5701
BugTraq ID: 91383
http://www.securityfocus.com/bid/91383
Debian Security Information: DSA-3627
http://www.debian.org/security/2016/dsa-3627
https://security.gentoo.org/glsa/201701-32
SuSE Security Announcement: openSUSE-SU-2016:1699
http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
SuSE Security Announcement: openSUSE-SU-2016:1700
http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html

Common Vulnerability Exposure (CVE) ID: CVE-2016-5703
BugTraq ID: 91381
http://www.securityfocus.com/bid/91381

Common Vulnerability Exposure (CVE) ID: CVE-2016-5705
BugTraq ID: 91378
http://www.securityfocus.com/bid/91378

Common Vulnerability Exposure (CVE) ID: CVE-2016-5706
BugTraq ID: 91376
http://www.securityfocus.com/bid/91376

Common Vulnerability Exposure (CVE) ID: CVE-2016-5730
BugTraq ID: 91379
http://www.securityfocus.com/bid/91379

Common Vulnerability Exposure (CVE) ID: CVE-2016-5731

Common Vulnerability Exposure (CVE) ID: CVE-2016-5733
BugTraq ID: 91390
http://www.securityfocus.com/bid/91390

Common Vulnerability Exposure (CVE) ID: CVE-2016-5739
BugTraq ID: 91389
http://www.securityfocus.com/bid/91389
Copyright | Copyright (C) 2022 Greenbone AG |