Test ID: 1.3.6.1.4.1.25623.1.0.808241
Category: Web application abuses
Title: phpMyAdmin Multiple Vulnerabilities -01 July16 (Windows)
Summary: This host is installed with phpMyAdmin and is prone to multiple vulnerabilities.
Description:
Summary:
This host is installed with phpMyAdmin
and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- The Transformation implementation does not use the no-referrer Content
Security Policy (CSP) protection mechanism.

- Multiple input validation errors.

- An improper selection of delimiters to prevent use of the preg_replace
e (aka eval) modifier.

- An improper handling of error messages.

- An insufficient validation of 'scripts' parameter in 'js/get_scripts.js.php'
script.

- An improper sanitization of URI.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to inject arbitrary web script or HTML or arbitrary PHP code via
crafted parameters, execute arbitrary SQL commands, cause a denial of
service, obtain sensitive information and conduct CSRF attacks.

Affected Software/OS:
phpMyAdmin versions 4.0.x before 4.0.10.16,
4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 on Windows.

Solution:
Upgrade to phpMyAdmin version 4.0.10.16 or
4.4.15.7 or 4.6.3 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference:
Common Vulnerability Exposure (CVE) ID: CVE-2016-5739
BugTraq ID: 91389
http://www.securityfocus.com/bid/91389
Debian Security Information: DSA-3627
http://www.debian.org/security/2016/dsa-3627
https://security.gentoo.org/glsa/201701-32
SuSE Security Announcement: openSUSE-SU-2016:1699
http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
SuSE Security Announcement: openSUSE-SU-2016:1700
http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5733
BugTraq ID: 91390
http://www.securityfocus.com/bid/91390
Common Vulnerability Exposure (CVE) ID: CVE-2016-5734
BugTraq ID: 91387
http://www.securityfocus.com/bid/91387
https://www.exploit-db.com/exploits/40185/
Common Vulnerability Exposure (CVE) ID: CVE-2016-5731
Common Vulnerability Exposure (CVE) ID: CVE-2016-5732
Common Vulnerability Exposure (CVE) ID: CVE-2016-5730
BugTraq ID: 91379
http://www.securityfocus.com/bid/91379
Common Vulnerability Exposure (CVE) ID: CVE-2016-5706
BugTraq ID: 91376
http://www.securityfocus.com/bid/91376
Common Vulnerability Exposure (CVE) ID: CVE-2016-5704
Common Vulnerability Exposure (CVE) ID: CVE-2016-5705
BugTraq ID: 91378
http://www.securityfocus.com/bid/91378
Common Vulnerability Exposure (CVE) ID: CVE-2016-5703
BugTraq ID: 91381
http://www.securityfocus.com/bid/91381
Common Vulnerability Exposure (CVE) ID: CVE-2016-5702
Copyright: Copyright (C) 2016 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.