Search...

CVE-2007-0095

2007-01-05T13:28:00

ID CVE-2007-0095
Type cve
Reporter NVD
Modified 2017-07-28T21:29:58

Description

phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.

JSON Vulners Source

Initial Source

{"id": "CVE-2007-0095", "bulletinFamily": "NVD", "title": "CVE-2007-0095", "description": "phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.", "published": "2007-01-05T13:28:00", "modified": "2017-07-28T21:29:58", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0095", "reporter": "NVD", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/31223", "http://securityreason.com/securityalert/2104", "http://www.mandriva.com/security/advisories?name=MDKSA-2007:199", "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0034.html", "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051544.html"], "cvelist": ["CVE-2007-0095"], "type": "cve", "lastseen": "2017-07-29T11:21:48", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin:2.9.1.1"], "cvelist": ["CVE-2007-0095"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.", "edition": 1, "enchantments": {}, "hash": "a5cef1520073c7712a44fc8dcd818b5f67ee448fb170bbedacf0f85f1f50626c", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "3ec3ea54b62420558e8a935069182acd", "key": "references"}, {"hash": "dd9bd603fb7d6ce0444a7aadc9fcaa64", "key": "description"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "4923080eced93246ecc65a21d6562f32", "key": "modified"}, {"hash": "f49932c861b3e4db9f154061621387dc", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "a792e2393dff1e200b885c5245988f6f", "key": "cvss"}, {"hash": "b7258d466ab10236c15be19c47eb9329", "key": "cpe"}, {"hash": "798f61d0258d8078f74ce923998fdca1", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "2be2229c8e86a5133096c069785c1a83", "key": "published"}, {"hash": "a150299f78d517c2a9fd4fcddff1ff79", "key": "cvelist"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0095", "id": "CVE-2007-0095", "lastseen": "2016-09-03T08:14:07", "modified": "2008-11-15T01:38:42", "objectVersion": "1.2", "published": "2007-01-05T13:28:00", "references": ["http://securityreason.com/securityalert/2104", "http://xforce.iss.net/xforce/xfdb/31223", "http://www.mandriva.com/security/advisories?name=MDKSA-2007:199", "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0034.html", "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051544.html"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-0095", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T08:14:07"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "b7258d466ab10236c15be19c47eb9329"}, {"key": "cvelist", "hash": "a150299f78d517c2a9fd4fcddff1ff79"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "description", "hash": "dd9bd603fb7d6ce0444a7aadc9fcaa64"}, {"key": "href", "hash": "798f61d0258d8078f74ce923998fdca1"}, {"key": "modified", "hash": "48f05ab79963ee6b6783384158e0fe2a"}, {"key": "published", "hash": "2be2229c8e86a5133096c069785c1a83"}, {"key": "references", "hash": "9a106ab70a4e74b97bb00f42877f60c2"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "f49932c861b3e4db9f154061621387dc"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "9f348c4779ed101070b9dfc40ccfea4b0e6389d197078cac9798e8ff2b89078f", "viewCount": 0, "enchantments": {"vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin:2.9.1.1"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"result": {"nessus": [{"id": "FEDORA_2007-4298.NASL", "type": "nessus", "title": "Fedora 7 : phpMyAdmin-2.11.3-1.fc7 (2007-4298)", "description": "- Upstream released 2.11.3\n\n - Removed the RPM scriptlets doing httpd restarts (#227025)\n\n - Patched an information disclosure known as CVE-2007-0095 (#221694)\n\n - Provide virtual phpmyadmin package and a httpd alias (#231431)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2007-12-11T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29281", "cvelist": ["CVE-2007-0095"], "lastseen": "2017-10-29T13:44:22"}, {"id": "FEDORA_2007-4334.NASL", "type": "nessus", "title": "Fedora 8 : phpMyAdmin-2.11.3-1.fc8 (2007-4334)", "description": "- Upstream released 2.11.3\n\n - Removed the RPM scriptlets doing httpd restarts (#227025)\n\n - Patched an information disclosure known as CVE-2007-0095 (#221694)\n\n - Provide virtual phpmyadmin package and a httpd alias (#231431)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2007-12-11T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29284", "cvelist": ["CVE-2007-0095"], "lastseen": "2017-10-29T13:42:33"}], "openvas": [{"id": "OPENVAS:860206", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2008-2229", "description": "Check for the Version of phpMyAdmin", "published": "2009-02-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860206", "cvelist": ["CVE-2007-0095"], "lastseen": "2017-07-25T10:57:11"}, {"id": "OPENVAS:860947", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2008-5640", "description": "Check for the Version of phpMyAdmin", "published": "2009-02-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860947", "cvelist": ["CVE-2007-0095"], "lastseen": "2017-07-25T10:56:46"}, {"id": "OPENVAS:860990", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2008-6810", "description": "Check for the Version of phpMyAdmin", "published": "2009-02-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860990", "cvelist": ["CVE-2007-0095"], "lastseen": "2017-07-25T10:56:51"}, {"id": "OPENVAS:860074", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2008-11221", "description": "Check for the Version of phpMyAdmin", "published": "2009-02-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860074", "cvelist": ["CVE-2007-0095"], "lastseen": "2017-07-25T10:56:19"}, {"id": "OPENVAS:861091", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2007-4298", "description": "Check for the Version of phpMyAdmin", "published": "2009-02-27T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=861091", "cvelist": ["CVE-2007-0095"], "lastseen": "2017-07-25T10:56:22"}, {"id": "OPENVAS:860993", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2007-4334", "description": "Check for the Version of phpMyAdmin", "published": "2009-02-27T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860993", "cvelist": ["CVE-2007-0095"], "lastseen": "2017-07-25T10:56:14"}, {"id": "OPENVAS:860954", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2008-6450", "description": "Check for the Version of phpMyAdmin", "published": "2009-02-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860954", "cvelist": ["CVE-2007-0095"], "lastseen": "2017-07-25T10:57:11"}, {"id": "OPENVAS:860309", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2008-2189", "description": "Check for the Version of phpMyAdmin", "published": "2009-02-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860309", "cvelist": ["CVE-2007-0095"], "lastseen": "2017-07-25T10:57:12"}, {"id": "OPENVAS:860136", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2008-8286", "description": "Check for the Version of phpMyAdmin", "published": "2009-02-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860136", "cvelist": ["CVE-2007-0095"], "lastseen": "2017-07-25T10:57:16"}, {"id": "OPENVAS:860978", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2008-8269", "description": "Check for the Version of phpMyAdmin", "published": "2009-02-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860978", "cvelist": ["CVE-2007-0095"], "lastseen": "2017-07-25T10:56:24"}], "osvdb": [{"id": "OSVDB:33257", "type": "osvdb", "title": "phpMyAdmin themes/darkblue_orange/layout.inc.php Direct Request Path Disclosure", "description": "# No description provided by the source\n\n## References:\nOther Advisory URL: http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051544.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0034.html\nISS X-Force ID: 31223\n[CVE-2007-0095](https://vulners.com/cve/CVE-2007-0095)\n", "published": "2007-01-02T02:17:42", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:33257", "cvelist": ["CVE-2007-0095"], "lastseen": "2017-04-28T13:20:29"}]}}