 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.10.2016.0240 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2016-0240) |
| Resumen: | The remote host is missing an update for the 'phpmyadmin' package(s) announced via the MGASA-2016-0240 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'phpmyadmin' package(s) announced via the MGASA-2016-0240 advisory. Vulnerability Insight: In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows a BBCode injection to setup script in case it's not accessed on https (CVE-2016-5701). In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows an SQL injection attack to run arbitrary commands as the control user (CVE-2016-5703). In phpMyAdmin before 4.4.15.7, XSS vulnerabilities were discovered in the user privileges page, the error console, and the central columns, query bookmarks, and user groups features (CVE-2016-5705). In phpMyAdmin before 4.4.15.7, a Denial Of Service (DOS) attack was discovered in the way phpMyAdmin loads some JavaScript files (CVE-2016-5706). In phpMyAdmin before 4.4.15.7, by specially crafting requests in the following areas, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed (CVE-2016-5730). In phpMyAdmin before 4.4.15.7, with a specially crafted request, it is possible to trigger an XSS attack through the example OpenID authentication script (CVE-2016-5731). In phpMyAdmin before 4.4.15.7, XSS vulnerabilities were found through specially crafted databases, in AJAX error handling, and in the Transformation, Designer, charts, and zoom search features (CVE-2016-5733). In phpMyAdmin before 4.4.15.7, a vulnerability was reported where a specially crafted Transformation could be used to leak information including the authentication token. This could be used to direct a CSRF attack against a user (CVE-2016-5739). Affected Software/OS: 'phpmyadmin' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-5701 BugTraq ID: 91383 http://www.securityfocus.com/bid/91383 Debian Security Information: DSA-3627 (Google Search) http://www.debian.org/security/2016/dsa-3627 https://security.gentoo.org/glsa/201701-32 SuSE Security Announcement: openSUSE-SU-2016:1699 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html SuSE Security Announcement: openSUSE-SU-2016:1700 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5703 BugTraq ID: 91381 http://www.securityfocus.com/bid/91381 Common Vulnerability Exposure (CVE) ID: CVE-2016-5705 BugTraq ID: 91378 http://www.securityfocus.com/bid/91378 Common Vulnerability Exposure (CVE) ID: CVE-2016-5706 BugTraq ID: 91376 http://www.securityfocus.com/bid/91376 Common Vulnerability Exposure (CVE) ID: CVE-2016-5730 BugTraq ID: 91379 http://www.securityfocus.com/bid/91379 Common Vulnerability Exposure (CVE) ID: CVE-2016-5731 Common Vulnerability Exposure (CVE) ID: CVE-2016-5733 BugTraq ID: 91390 http://www.securityfocus.com/bid/91390 Common Vulnerability Exposure (CVE) ID: CVE-2016-5739 BugTraq ID: 91389 http://www.securityfocus.com/bid/91389 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |