Test ID: | 1.3.6.1.4.1.25623.1.0.808241 |
Category: | Web application abuses |
Title: | phpMyAdmin Multiple Vulnerabilities -01 July16 (Windows) |
Summary: | This host is installed with phpMyAdmin and is prone to multiple vulnerabilities. |
Description: |
Summary: This host is installed with phpMyAdmin and is prone to multiple vulnerabilities.

Vulnerability Insight: Multiple flaws are due to:
- The Transformation implementation does not use the no-referrer Content Security Policy (CSP) protection mechanism.
- Multiple input validation errors.
- An improper selection of delimiters to prevent use of the preg_replace e (aka eval) modifier.
- An improper handling of error messages.
- An insufficient validation of the 'scripts' parameter in the 'js/get_scripts.js.php' script.
- An improper sanitization of the URI.

Vulnerability Impact: Successful exploitation will allow remote attackers to inject arbitrary web script or HTML or arbitrary PHP code via crafted parameters, execute arbitrary SQL commands, cause a denial of service, obtain sensitive information and conduct CSRF attacks.

Affected Software/OS: phpMyAdmin versions 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 on Windows.

Solution: Upgrade to phpMyAdmin version 4.0.10.16 or 4.4.15.7 or 4.6.3 or later.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-5739
- BugTraq ID: 91389 http://www.securityfocus.com/bid/91389
- Debian Security Information: DSA-3627 http://www.debian.org/security/2016/dsa-3627
- https://security.gentoo.org/glsa/201701-32
- SuSE Security Announcement: openSUSE-SU-2016:1699 http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
- SuSE Security Announcement: openSUSE-SU-2016:1700 http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html

Common Vulnerability Exposure (CVE) ID: CVE-2016-5733
- BugTraq ID: 91390 http://www.securityfocus.com/bid/91390

Common Vulnerability Exposure (CVE) ID: CVE-2016-5734
- BugTraq ID: 91387 http://www.securityfocus.com/bid/91387
- https://www.exploit-db.com/exploits/40185/

Common Vulnerability Exposure (CVE) ID: CVE-2016-5731

Common Vulnerability Exposure (CVE) ID: CVE-2016-5732

Common Vulnerability Exposure (CVE) ID: CVE-2016-5730
- BugTraq ID: 91379 http://www.securityfocus.com/bid/91379

Common Vulnerability Exposure (CVE) ID: CVE-2016-5706
- BugTraq ID: 91376 http://www.securityfocus.com/bid/91376

Common Vulnerability Exposure (CVE) ID: CVE-2016-5704

Common Vulnerability Exposure (CVE) ID: CVE-2016-5705
- BugTraq ID: 91378 http://www.securityfocus.com/bid/91378

Common Vulnerability Exposure (CVE) ID: CVE-2016-5703
- BugTraq ID: 91381 http://www.securityfocus.com/bid/91381

Common Vulnerability Exposure (CVE) ID: CVE-2016-5702 |
Copyright | Copyright (C) 2016 Greenbone Networks GmbH |