phpMyAdmin Multiple Vulnerabilities Fixed by 4.0.10.15, 4.4.15.4 and 4.5.5.1
Description
Several vulnerabilities were reported in phpMyAdmin:

- CVE-2016-2559: cross-site scripting in the "format()" function of "libraries/sql-parser/src/Utils/Error.php" in the SQL parser

- CVE-2016-2560: multiple cross-site scripting vulnerabilities. These vulnerabilities are exploitable via a crafted Host HTTP header (libraries/Config.class.php), crafted JSON data (file_echo.php), a crafted SQL query (js/functions.js), a crafted "initial" parameter in the user accounts page or a crafted "it" parameter in the zoom search page

- CVE-2016-2561: multiple cross-site scripting vulnerabilities. These vulnerabilities are exploitable via "normalization.php", "js/normalization.js" in the database normalization page, "templates/database/structure/sortable_header.phtml" in the database structure page or the "pos" parameter to "db_central_columns.php" in the central columns page

- CVE-2016-2562: improper validation of the X.509 certificate from "api.github.com", allowing a man-in-the-middle attack

The phpmyadmin packages provided by Debian Squeeze 6 are vulnerable.

The phpmyadmin packages provided by Debian Wheezy 7 are vulnerable to CVE-2016-2560.

The phpmyadmin packages provided by Debian Jessie 8 are vulnerable to CVE-2016-2560 and CVE-2016-2561.