
Test ID: 1.3.6.1.4.1.25623.1.1.10.2016.0291
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2016-0291)
Summary: The remote host is missing an update for the 'phpmyadmin' package(s) announced via the MGASA-2016-0291 advisory.
Description:
Summary:
The remote host is missing an update for the 'phpmyadmin' package(s) announced via the MGASA-2016-0291 advisory.

Vulnerability Insight:
In phpMyAdmin before 4.4.15.8, the decryption of the username/password is
vulnerable to a padding oracle attack. This can allow an attacker who has
access to a user's browser cookie file to decrypt the username and
password. Also, the same initialization vector (IV) is used to hash the
username and password stored in the phpMyAdmin cookie. If a user has the
same password as their username, an attacker who examines the browser
cookie can see that they are the same (CVE-2016-6606).

In phpMyAdmin before 4.4.15.8, multiple vulnerabilities have been
discovered in the following areas of phpMyAdmin: Zoom search, GIS editor,
Relation view, several Transformations, XML export, MediaWiki export,
Designer, when the MySQL server is running with a specially-crafted
log_bin directive, Database tab, Replication feature, and Database search
(CVE-2016-6607).

In phpMyAdmin before 4.4.15.8, a vulnerability was found where a specially
crafted database name could be used to run arbitrary PHP commands through
the array export feature (CVE-2016-6609).

In phpMyAdmin before 4.4.15.8, a full path disclosure vulnerability was
discovered where a user can trigger a particular error in the export
mechanism to discover the full path of phpMyAdmin on the disk
(CVE-2016-6610).

In phpMyAdmin before 4.4.15.8, a vulnerability was reported where a
specially crafted database and/or table name can be used to trigger an SQL
injection attack through the export functionality (CVE-2016-6611).

In phpMyAdmin before 4.4.15.8, a vulnerability was discovered where a user
can exploit the LOAD LOCAL INFILE functionality to expose files on the
server to the database system (CVE-2016-6612).

In phpMyAdmin before 4.4.15.8, a vulnerability was found where a user can
specially craft a symlink on disk, to a file which phpMyAdmin is permitted
to read but the user is not, which phpMyAdmin will then expose to the user
(CVE-2016-6613).

In phpMyAdmin before 4.4.15.8, a vulnerability was reported with the %u
username replacement functionality of the SaveDir and UploadDir features.
When the username substitution is configured, a specially-crafted user
name can be used to circumvent restrictions to traverse the file system
(CVE-2016-6614).

In phpMyAdmin before 4.4.15.8, multiple XSS vulnerabilities were found in
the following areas: Navigation pane and database/table hiding feature,
the 'Tracking' feature, and GIS visualization feature (CVE-2016-6615).

In phpMyAdmin before 4.4.15.8, a vulnerability was discovered in the
following features where a user can execute an SQL injection attack
against the account of the control user: User group Designer
(CVE-2016-6616).

In phpMyAdmin before 4.4.15.8, a vulnerability was found in the
transformation feature allowing a user to trigger a denial-of-service
(DoS) attack against the server (CVE-2016-6618).

In phpMyAdmin before 4.4.15.8, a vulnerability was discovered in the user
interface ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'phpmyadmin' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-References:
Common Vulnerability Exposure (CVE) ID: CVE-2016-6606
BugTraq ID: 94114
http://www.securityfocus.com/bid/94114
https://security.gentoo.org/glsa/201701-32
https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-6607
BugTraq ID: 93257
http://www.securityfocus.com/bid/93257
Common Vulnerability Exposure (CVE) ID: CVE-2016-6609
BugTraq ID: 94112
http://www.securityfocus.com/bid/94112
https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-6610
BugTraq ID: 94118
http://www.securityfocus.com/bid/94118
Common Vulnerability Exposure (CVE) ID: CVE-2016-6611
BugTraq ID: 94117
http://www.securityfocus.com/bid/94117
Common Vulnerability Exposure (CVE) ID: CVE-2016-6612
BugTraq ID: 94113
http://www.securityfocus.com/bid/94113
Common Vulnerability Exposure (CVE) ID: CVE-2016-6613
BugTraq ID: 94115
http://www.securityfocus.com/bid/94115
Common Vulnerability Exposure (CVE) ID: CVE-2016-6614
BugTraq ID: 94366
http://www.securityfocus.com/bid/94366
Common Vulnerability Exposure (CVE) ID: CVE-2016-6615
BugTraq ID: 95041
http://www.securityfocus.com/bid/95041
Common Vulnerability Exposure (CVE) ID: CVE-2016-6616
BugTraq ID: 95042
http://www.securityfocus.com/bid/95042
Common Vulnerability Exposure (CVE) ID: CVE-2016-6618
BugTraq ID: 95047
http://www.securityfocus.com/bid/95047
Common Vulnerability Exposure (CVE) ID: CVE-2016-6619
BugTraq ID: 95048
http://www.securityfocus.com/bid/95048
Common Vulnerability Exposure (CVE) ID: CVE-2016-6620
BugTraq ID: 95055
http://www.securityfocus.com/bid/95055
Common Vulnerability Exposure (CVE) ID: CVE-2016-6622
BugTraq ID: 95049
http://www.securityfocus.com/bid/95049
Common Vulnerability Exposure (CVE) ID: CVE-2016-6623
BugTraq ID: 95052
http://www.securityfocus.com/bid/95052
Common Vulnerability Exposure (CVE) ID: CVE-2016-6624
BugTraq ID: 92489
http://www.securityfocus.com/bid/92489
Common Vulnerability Exposure (CVE) ID: CVE-2016-6625
BugTraq ID: 92491
http://www.securityfocus.com/bid/92491
Common Vulnerability Exposure (CVE) ID: CVE-2016-6626
BugTraq ID: 92490
http://www.securityfocus.com/bid/92490
Common Vulnerability Exposure (CVE) ID: CVE-2016-6627
BugTraq ID: 92494
http://www.securityfocus.com/bid/92494
Common Vulnerability Exposure (CVE) ID: CVE-2016-6628
BugTraq ID: 92492
http://www.securityfocus.com/bid/92492
Common Vulnerability Exposure (CVE) ID: CVE-2016-6629
BugTraq ID: 92493
http://www.securityfocus.com/bid/92493
Common Vulnerability Exposure (CVE) ID: CVE-2016-6630
BugTraq ID: 92501
http://www.securityfocus.com/bid/92501
Common Vulnerability Exposure (CVE) ID: CVE-2016-6631
BugTraq ID: 92496
http://www.securityfocus.com/bid/92496
Common Vulnerability Exposure (CVE) ID: CVE-2016-6632
BugTraq ID: 92497
http://www.securityfocus.com/bid/92497
Common Vulnerability Exposure (CVE) ID: CVE-2016-6633
BugTraq ID: 92500
http://www.securityfocus.com/bid/92500
Copyright: Copyright (C) 2022 Greenbone AG
