| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Most of these updates is based on data from https://repology.org/,
detection based on permanent redirect from http:// to https://.
$source urls are updated when they contain $url as substring.
|
| |
|
|
|
|
| |
Release notes https://www.phpmyadmin.net/news/2017/3/29/phpmyadmin-470-released/
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-9847: Unsafe generation of blowfish secret
CVE-2016-9848: phpinfo information leak value of sensitive (HttpOnly) cookies
CVE-2016-9849: Username deny rules bypass (AllowRoot & Others) by using Null Byte
CVE-2016-9850: Username rule matching issues
CVE-2016-9851: With a crafted request parameter value it is possible to bypass the logout timeout.
CVE-2016-9852 CVE-2016-9853 CVE-2016-9854 CVE-2016-9855: Multiple full path disclosure vulnerabilities
CVE-2016-9856 CVE-2016-9857: Multiple XSS vulnerabilities
CVE-2016-9858 CVE-2016-9859 CVE-2016-9860: We consider these vulnerabilities to be of moderate severity.
CVE-2016-9861: Bypass white-list protection for URL redirection
CVE-2016-9862: BBCode injection vulnerability
CVE-2016-9863: DOS vulnerability in table partitioning
CVE-2016-9864: Multiple SQL injection vulnerabilities
CVE-2016-9865: Incorrect serialized string parsing
CVE-2016-9866: CSRF token not stripped from the URL
|
|
We don't want maintain this for more than 6 months due to the amount of
security issues.
|