svn commit: r417890 - head/security/vuxml
Matthew Seaman
matthew at FreeBSD.org
Fri Jul 1 15:22:48 UTC 2016
Author: matthew
Date: Fri Jul 1 15:22:47 2016
New Revision: 417890
URL: https://svnweb.freebsd.org/changeset/ports/417890
Log:
Belatedly document 12 security advisories about phpMyAdmin.
Severities range from 'non-critical' to 'severe'
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Jul 1 14:27:31 2016 (r417889)
+++ head/security/vuxml/vuln.xml Fri Jul 1 15:22:47 2016 (r417890)
@@ -58,6 +58,243 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="e7028e1d-3f9b-11e6-81f9-6805ca0b3d42">
+ <topic>phpMyAdmin -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>phpmyadmin</name>
+ <range><ge>4.6.0</ge><lt>4.6.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMYAdmin development team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-17/">
+ <h3>Summary</h3>
+ <p>BBCode injection vulnerability</p>
+
+ <h3>Description</h3>
+ <p>A vulnerability was discovered that allows an BBCode
+ injection to setup script in case it's not accessed on
+ https.</p>
+
+ <h3>Severity</h3>
+ <p>We consider this to be non-critical.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-18/">
+ <h3>Summary</h3>
+ <p>Cookie attribute injection attack</p>
+
+ <h3>Description</h3>
+ <p>A vulnerability was found where, under some
+ circumstances, an attacker can inject arbitrary values
+ in the browser cookies.</p>
+
+ <h3>Severity</h3>
+ <p>We consider this to be non-critical.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-19/">
+ <h3>Summary</h3>
+ <p>SQL injection attack</p>
+
+ <h3>Description</h3>
+ <p>A vulnerability was discovered that allows an SQL
+ injection attack to run arbitrary commands as the
+ control user.</p>
+
+ <h3>Severity</h3>
+ <p>We consider this vulnerability to be serious</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-20/">
+ <h3>Summary</h3>
+ <p>XSS on table structure page</p>
+
+ <h3>Description</h3>
+ <p>An XSS vulnerability was discovered on the table
+ structure page</p>
+
+ <h3>Severity</h3>
+ <p>We consider this to be a serious
+ vulnerability</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-21/">
+ <h3>Summary</h3>
+ <p>Multiple XSS vulnerabilities</p>
+
+ <h3>Description</h3>
+ <ul>
+ <li>An XSS vulnerability was discovered on the user
+ privileges page.</li>
+ <li>An XSS vulnerability was discovered in the error
+ console.</li>
+ <li>An XSS vulnerability was discovered in the central
+ columns feature.</li>
+ <li>An XSS vulnerability was discovered in the query
+ bookmarks feature.</li>
+ <li>An XSS vulnerability was discovered in the user groups
+ feature.</li>
+ </ul>
+
+ <h3>Severity</h3>
+ <p>We consider this to be a serious vulnerability</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-22/">
+ <h3>Summary</h3>
+ <p>DOS attack</p>
+
+ <h3>Description</h3>
+ <p>A Denial Of Service (DOS) attack was discovered in
+ the way phpMyAdmin loads some JavaScript files.</p>
+
+ <h3>Severity</h3>
+ <p>We consider this to be of moderate severity</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-23/">
+ <h3>Summary</h3>
+ <p>Multiple full path disclosure vulnerabilities</p>
+
+ <h3>Description</h3>
+ <p>This PMASA contains information on multiple full-path
+ disclosure vulnerabilities reported in phpMyAdmin.</p>
+ <p>By specially crafting requests in the following
+ areas, it is possible to trigger phpMyAdmin to display a
+ PHP error message which contains the full path of the
+ directory where phpMyAdmin is installed.</p>
+ <ol>
+ <li>Setup script</li>
+ <li>Example OpenID authentication script</li>
+ </ol>
+
+ <h3>Severity</h3>
+ <p>We consider these vulnerabilities to be
+ non-critical.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-24/">
+ <h3>Summary</h3>
+ <p>XSS through FPD</p>
+
+ <h3>Description</h3>
+ <p>With a specially crafted request, it is possible to
+ trigger an XSS attack through the example OpenID
+ authentication script.</p>
+
+ <h3>Severity</h3>
+ <p>We do not consider this vulnerability to be
+ secure due to the non-standard required PHP setting
+ for html_errors.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-25/">
+ <h3>Summary</h3>
+ <p>XSS in partition range functionality</p>
+
+ <h3>Description</h3>
+ <p>A vulnerability was reported allowing a specially
+ crafted table parameters to cause an XSS attack through
+ the table structure page.</p>
+
+ <h3>Severity</h3>
+ <p>We consider this vulnerability to be severe.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-26/">
+ <h3>Summary</h3>
+ <p>Multiple XSS vulnerabilities</p>
+
+ <h3>Description</h3>
+ <ul>
+ <li>A vulnerability was reported allowing a specially
+ crafted table name to cause an XSS attack through the
+ functionality to check database privileges.
+ <ul>
+ <li>This XSS doesn't exist in some translations due to
+ different quotes being used there (eg. Czech).</li>
+ </ul>
+ </li>
+ <li>A vulnerability was reported allowing a
+ specifically-configured MySQL server to execute an XSS
+ attack. This particular attack requires configuring the
+ MySQL server log_bin directive with the payload.</li>
+ <li>Several XSS vulnerabilities were found with the
+ Transformation feature</li>
+ <li>Several XSS vulnerabilities were found in AJAX error
+ handling</li>
+ <li>Several XSS vulnerabilities were found in the Designer
+ feature</li>
+ <li>An XSS vulnerability was found in the charts
+ feature</li>
+ <li>An XSS vulnerability was found in the zoom search
+ feature</li>
+ </ul>
+
+ <h3>Severity</h3>
+ <p>We consider these attacks to be of moderate
+ severity.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-27/">
+ <h3>Summary</h3>
+ <p>Unsafe handling of preg_replace parameters</p>
+
+ <h3>Description</h3>
+ <p>In some versions of PHP, it's possible for an
+ attacker to pass parameters to the
+ <code>preg_replace()</code> function which can allow the
+ execution of arbitrary PHP code. This code is not
+ properly sanitized in phpMyAdmin as part of the table
+ search and replace feature.</p>
+
+ <h3>Severity</h3>
+ <p>We consider this vulnerability to be of moderate
+ severity.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-28/">
+ <h3>Summary</h3>
+ <p>Referrer leak in transformations</p>
+
+ <h3>Description</h3>
+ <p>A vulnerability was reported where a specially
+ crafted Transformation could be used to leak information
+ including the authentication token. This could be used
+ to direct a CSRF attack against a user.</p>
+ <p>Furthermore, the CSP code used in version 4.0.x is
+ outdated and has been updated to more modern
+ standards.</p>
+
+ <h3>Severity</h3>
+ <p>We consider this to be of moderate severity</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-17/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-18/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-19/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-20/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-21/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-22/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-23/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-24/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-25/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-26/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-27/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-28/</url>
+ <cvename>CVE-2016-5701</cvename>
+ <cvename>CVE-2016-5702</cvename>
+ <cvename>CVE-2016-5703</cvename>
+ <cvename>CVE-2016-5704</cvename>
+ <cvename>CVE-2016-5705</cvename>
+ <cvename>CVE-2016-5706</cvename>
+ <cvename>CVE-2016-5730</cvename>
+ <cvename>CVE-2016-5731</cvename>
+ <cvename>CVE-2016-5732</cvename>
+ <cvename>CVE-2016-5733</cvename>
+ <cvename>CVE-2016-5734</cvename>
+ <cvename>CVE-2016-5739</cvename>
+ </references>
+ <dates>
+ <discovery>2016-06-23</discovery>
+ <entry>2016-07-01</entry>
+ </dates>
+ </vuln>
+
<vuln vid="f1c219ba-3f14-11e6-b3c8-14dae9d210b8">
<topic>haproxy -- denial of service</topic>
<affects>
More information about the svn-ports-all
mailing list