rpm package

opensuse/phpMyAdmin&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Tumbleweed

Vulnerabilities (163)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-2560	Med	6.1	< 4.6.5.2-1.1	4.6.5.2-1.1	Mar 1, 2016	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) c
CVE-2016-2559	Med	5.4	< 4.6.5.2-1.1	4.6.5.2-1.1	Mar 1, 2016	Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.
CVE-2016-2045	Med	5.4	< 4.6.5.2-1.1	4.6.5.2-1.1	Feb 20, 2016	Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.
CVE-2016-2044	Med	5.3	< 4.6.5.2-1.1	4.6.5.2-1.1	Feb 20, 2016	libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
CVE-2016-2043	Med	5.4	< 4.6.5.2-1.1	4.6.5.2-1.1	Feb 20, 2016	Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.
CVE-2016-2042	Med	5.3	< 4.6.5.2-1.1	4.6.5.2-1.1	Feb 20, 2016	phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.
CVE-2016-2041	Hig	7.5	< 4.6.5.2-1.1	4.6.5.2-1.1	Feb 20, 2016	libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time diffe
CVE-2016-2040	Med	5.4	< 4.6.5.2-1.1	4.6.5.2-1.1	Feb 20, 2016	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname i
CVE-2016-2039	Med	5.3	< 4.6.5.2-1.1	4.6.5.2-1.1	Feb 20, 2016	libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
CVE-2016-2038	Med	5.3	< 4.6.5.2-1.1	4.6.5.2-1.1	Feb 20, 2016	phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
CVE-2016-1927	Hig	7.5	< 4.6.5.2-1.1	4.6.5.2-1.1	Feb 20, 2016	The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.
CVE-2015-8669	Med	5.3	< 4.6.5.2-1.1	4.6.5.2-1.1	Dec 26, 2015	libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
CVE-2015-7873		—	< 4.6.5.2-1.1	4.6.5.2-1.1	Oct 28, 2015	The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.
CVE-2015-6830		—	< 4.6.5.2-1.1	4.6.5.2-1.1	Sep 14, 2015	libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCa
CVE-2015-3903		—	< 4.6.5.2-1.1	4.6.5.2-1.1	May 26, 2015	libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sens
CVE-2015-3902		—	< 4.6.5.2-1.1	4.6.5.2-1.1	May 26, 2015	Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that mod
CVE-2015-2206		—	< 4.6.5.2-1.1	4.6.5.2-1.1	Mar 9, 2015	libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remo
CVE-2014-9219		—	< 4.6.5.2-1.1	4.6.5.2-1.1	Dec 8, 2014	Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2014-9218		—	< 4.6.5.2-1.1	4.6.5.2-1.1	Dec 8, 2014	libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.
CVE-2014-8961		—	< 4.6.5.2-1.1	4.6.5.2-1.1	Nov 30, 2014	Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted par

CVE-2016-2560MedMar 1, 2016
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) c
CVE-2016-2559MedMar 1, 2016
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.
CVE-2016-2045MedFeb 20, 2016
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.
CVE-2016-2044MedFeb 20, 2016
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
CVE-2016-2043MedFeb 20, 2016
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.
CVE-2016-2042MedFeb 20, 2016
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.
CVE-2016-2041HigFeb 20, 2016
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time diffe
CVE-2016-2040MedFeb 20, 2016
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname i
CVE-2016-2039MedFeb 20, 2016
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
CVE-2016-2038MedFeb 20, 2016
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
CVE-2016-1927HigFeb 20, 2016
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.
CVE-2015-8669MedDec 26, 2015
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
CVE-2015-7873Oct 28, 2015
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.
CVE-2015-6830Sep 14, 2015
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCa
CVE-2015-3903May 26, 2015
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sens
CVE-2015-3902May 26, 2015
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that mod
CVE-2015-2206Mar 9, 2015
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remo
CVE-2014-9219Dec 8, 2014
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2014-9218Dec 8, 2014
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.
CVE-2014-8961Nov 30, 2014
affected < 4.6.5.2-1.1fixed 4.6.5.2-1.1
Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted par

Page 6 of 9