ID CVE-2007-0095 Type cve Reporter NVD Modified 2017-07-28T21:29:58
Description
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.
{"openvas": [{"lastseen": "2017-07-25T10:57:11", "references": ["https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00100.html", "2008-2229"], "pluginID": "860206", "description": "Check for the Version of phpMyAdmin", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for phpMyAdmin FEDORA-2008-2229", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0095"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860206", "id": "OPENVAS:860206", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2008-2229\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"phpMyAdmin on Fedora 7\";\ntag_insight = \"phpMyAdmin is a tool written in PHP intended to handle the administration of\n MySQL over the Web. Currently it can create and drop databases,\n create/drop/alter tables, delete/edit/add fields, execute any SQL statement,\n manage keys on fields, manage privileges,export data into various formats and\n is available in 50 languages\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00100.html\");\n script_id(860206);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2008-2229\");\n script_cve_id(\"CVE-2007-0095\");\n script_name( \"Fedora Update for phpMyAdmin FEDORA-2008-2229\");\n\n script_summary(\"Check for the Version of phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~2.11.5~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:46", "references": ["2008-5640", "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00917.html"], "pluginID": "860947", "description": "Check for the Version of phpMyAdmin", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-17T00:00:00", "title": "Fedora Update for phpMyAdmin FEDORA-2008-5640", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0095"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860947", "id": "OPENVAS:860947", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2008-5640\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"phpMyAdmin on Fedora 8\";\ntag_insight = \"phpMyAdmin is a tool written in PHP intended to handle the administration of\n MySQL over the Web. Currently it can create and drop databases,\n create/drop/alter tables, delete/edit/add fields, execute any SQL statement,\n manage keys on fields, manage privileges,export data into various formats and\n is available in 50 languages\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00917.html\");\n script_id(860947);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:50:22 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2008-5640\");\n script_cve_id(\"CVE-2007-0095\");\n script_name( \"Fedora Update for phpMyAdmin FEDORA-2008-5640\");\n\n script_summary(\"Check for the Version of phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~2.11.7~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:51", "references": ["https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01239.html", "2008-6810"], "pluginID": "860990", "description": "Check for the Version of phpMyAdmin", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-17T00:00:00", "title": "Fedora Update for phpMyAdmin FEDORA-2008-6810", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0095"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860990", "id": "OPENVAS:860990", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2008-6810\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"phpMyAdmin on Fedora 8\";\ntag_insight = \"phpMyAdmin is a tool written in PHP intended to handle the administration of\n MySQL over the Web. Currently it can create and drop databases,\n create/drop/alter tables, delete/edit/add fields, execute any SQL statement,\n manage keys on fields, manage privileges,export data into various formats and\n is available in 50 languages\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01239.html\");\n script_id(860990);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:01:32 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2008-6810\");\n script_cve_id(\"CVE-2007-0095\");\n script_name( \"Fedora Update for phpMyAdmin FEDORA-2008-6810\");\n\n script_summary(\"Check for the Version of phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~2.11.8.1~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:19", "references": ["2008-11221", "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html"], "pluginID": "860074", "description": "Check for the Version of phpMyAdmin", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-13T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for phpMyAdmin FEDORA-2008-11221", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0095"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860074", "id": "OPENVAS:860074", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2008-11221\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"phpMyAdmin on Fedora 8\";\ntag_insight = \"phpMyAdmin is a tool written in PHP intended to handle the administration of\n MySQL over the Web. Currently it can create and drop databases,\n create/drop/alter tables, delete/edit/add fields, execute any SQL statement,\n manage keys on fields, manage privileges,export data into various formats and\n is available in 50 languages\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html\");\n script_id(860074);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 10:35:30 +0100 (Fri, 13 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2008-11221\");\n script_cve_id(\"CVE-2007-0095\");\n script_name( \"Fedora Update for phpMyAdmin FEDORA-2008-11221\");\n\n script_summary(\"Check for the Version of phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~3.1.1~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:22", "references": ["https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00326.html", "2007-4298"], "pluginID": "861091", "description": "Check for the Version of phpMyAdmin", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for phpMyAdmin FEDORA-2007-4298", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0095"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861091", "id": "OPENVAS:861091", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2007-4298\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"phpMyAdmin on Fedora 7\";\ntag_insight = \"phpMyAdmin is a tool written in PHP intended to handle the administration of\n MySQL over the Web. Currently it can create and drop databases,\n create/drop/alter tables, delete/edit/add fields, execute any SQL statement,\n manage keys on fields, manage privileges,export data into various formats and\n is available in 50 languages\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00326.html\");\n script_id(861091);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:27:46 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2007-4298\");\n script_cve_id(\"CVE-2007-0095\");\n script_name( \"Fedora Update for phpMyAdmin FEDORA-2007-4298\");\n\n script_summary(\"Check for the Version of phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~2.11.3~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~2.11.3~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:14", "references": ["https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00357.html", "2007-4334"], "pluginID": "860993", "description": "Check for the Version of phpMyAdmin", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "title": "Fedora Update for phpMyAdmin FEDORA-2007-4334", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0095"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860993", "id": "OPENVAS:860993", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2007-4334\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"phpMyAdmin on Fedora 8\";\ntag_insight = \"phpMyAdmin is a tool written in PHP intended to handle the administration of\n MySQL over the Web. Currently it can create and drop databases,\n create/drop/alter tables, delete/edit/add fields, execute any SQL statement,\n manage keys on fields, manage privileges,export data into various formats and\n is available in 50 languages\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00357.html\");\n script_id(860993);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:27:46 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2007-4334\");\n script_cve_id(\"CVE-2007-0095\");\n script_name( \"Fedora Update for phpMyAdmin FEDORA-2007-4334\");\n\n script_summary(\"Check for the Version of phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~2.11.3~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~2.11.3~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:57:11", "references": ["2008-6450", "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00652.html"], "pluginID": "860954", "description": "Check for the Version of phpMyAdmin", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for phpMyAdmin FEDORA-2008-6450", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0095"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860954", "id": "OPENVAS:860954", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2008-6450\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"phpMyAdmin on Fedora 8\";\ntag_insight = \"phpMyAdmin is a tool written in PHP intended to handle the administration of\n MySQL over the Web. Currently it can create and drop databases,\n create/drop/alter tables, delete/edit/add fields, execute any SQL statement,\n manage keys on fields, manage privileges,export data into various formats and\n is available in 50 languages\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00652.html\");\n script_id(860954);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:01:32 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2008-6450\");\n script_cve_id(\"CVE-2007-0095\");\n script_name( \"Fedora Update for phpMyAdmin FEDORA-2008-6450\");\n\n script_summary(\"Check for the Version of phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~2.11.7.1~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:57:12", "references": ["https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00069.html", "2008-2189"], "pluginID": "860309", "description": "Check for the Version of phpMyAdmin", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for phpMyAdmin FEDORA-2008-2189", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0095"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860309", "id": "OPENVAS:860309", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2008-2189\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"phpMyAdmin on Fedora 8\";\ntag_insight = \"phpMyAdmin is a tool written in PHP intended to handle the administration of\n MySQL over the Web. Currently it can create and drop databases,\n create/drop/alter tables, delete/edit/add fields, execute any SQL statement,\n manage keys on fields, manage privileges,export data into various formats and\n is available in 50 languages\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00069.html\");\n script_id(860309);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2008-2189\");\n script_cve_id(\"CVE-2007-0095\");\n script_name( \"Fedora Update for phpMyAdmin FEDORA-2008-2189\");\n\n script_summary(\"Check for the Version of phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~2.11.5~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:57:16", "references": ["https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01155.html", "2008-8286"], "pluginID": "860136", "description": "Check for the Version of phpMyAdmin", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for phpMyAdmin FEDORA-2008-8286", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0095"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860136", "id": "OPENVAS:860136", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2008-8286\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"phpMyAdmin on Fedora 8\";\ntag_insight = \"phpMyAdmin is a tool written in PHP intended to handle the administration of\n MySQL over the Web. Currently it can create and drop databases,\n create/drop/alter tables, delete/edit/add fields, execute any SQL statement,\n manage keys on fields, manage privileges,export data into various formats and\n is available in 50 languages\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01155.html\");\n script_id(860136);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2008-8286\");\n script_cve_id(\"CVE-2007-0095\");\n script_name( \"Fedora Update for phpMyAdmin FEDORA-2008-8286\");\n\n script_summary(\"Check for the Version of phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~2.11.9.2~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:24", "references": ["2008-8269", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01137.html"], "pluginID": "860978", "description": "Check for the Version of phpMyAdmin", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for phpMyAdmin FEDORA-2008-8269", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0095"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860978", "id": "OPENVAS:860978", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2008-8269\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"phpMyAdmin on Fedora 8\";\ntag_insight = \"phpMyAdmin is a tool written in PHP intended to handle the administration of\n MySQL over the Web. Currently it can create and drop databases,\n create/drop/alter tables, delete/edit/add fields, execute any SQL statement,\n manage keys on fields, manage privileges,export data into various formats and\n is available in 50 languages\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01137.html\");\n script_id(860978);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2008-8269\");\n script_cve_id(\"CVE-2007-0095\");\n script_name( \"Fedora Update for phpMyAdmin FEDORA-2008-8269\");\n\n script_summary(\"Check for the Version of phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~2.11.9.1~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-02T00:06:12", "references": ["http://www.nessus.org/u?376b6c9c", "https://bugzilla.redhat.com/show_bug.cgi?id=227025", "https://bugzilla.redhat.com/show_bug.cgi?id=221694", "https://bugzilla.redhat.com/show_bug.cgi?id=231431"], "pluginID": "29281", "description": "- Upstream released 2.11.3\n\n - Removed the RPM scriptlets doing httpd restarts (#227025)\n\n - Patched an information disclosure known as CVE-2007-0095 (#221694)\n\n - Provide virtual phpmyadmin package and a httpd alias (#231431)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2007-12-11T00:00:00", "title": "Fedora 7 : phpMyAdmin-2.11.3-1.fc7 (2007-4298)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0095"], "modified": "2015-10-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:phpMyAdmin"], "id": "FEDORA_2007-4298.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29281", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-4298.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29281);\n script_version (\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:04:02 $\");\n\n script_cve_id(\"CVE-2007-0095\");\n script_xref(name:\"FEDORA\", value:\"2007-4298\");\n\n script_name(english:\"Fedora 7 : phpMyAdmin-2.11.3-1.fc7 (2007-4298)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Upstream released 2.11.3\n\n - Removed the RPM scriptlets doing httpd restarts\n (#227025)\n\n - Patched an information disclosure known as\n CVE-2007-0095 (#221694)\n\n - Provide virtual phpmyadmin package and a httpd alias\n (#231431)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=221694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=227025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=231431\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-December/005788.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?376b6c9c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"phpMyAdmin-2.11.3-1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:00:13", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=227025", "https://bugzilla.redhat.com/show_bug.cgi?id=221694", "http://www.nessus.org/u?58f40149", "https://bugzilla.redhat.com/show_bug.cgi?id=231431"], "pluginID": "29284", "description": "- Upstream released 2.11.3\n\n - Removed the RPM scriptlets doing httpd restarts (#227025)\n\n - Patched an information disclosure known as CVE-2007-0095 (#221694)\n\n - Provide virtual phpmyadmin package and a httpd alias (#231431)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2007-12-11T00:00:00", "title": "Fedora 8 : phpMyAdmin-2.11.3-1.fc8 (2007-4334)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0095"], "modified": "2015-10-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:phpMyAdmin"], "id": "FEDORA_2007-4334.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29284", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-4334.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29284);\n script_version (\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:04:02 $\");\n\n script_cve_id(\"CVE-2007-0095\");\n script_xref(name:\"FEDORA\", value:\"2007-4334\");\n\n script_name(english:\"Fedora 8 : phpMyAdmin-2.11.3-1.fc8 (2007-4334)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Upstream released 2.11.3\n\n - Removed the RPM scriptlets doing httpd restarts\n (#227025)\n\n - Patched an information disclosure known as\n CVE-2007-0095 (#221694)\n\n - Provide virtual phpmyadmin package and a httpd alias\n (#231431)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=221694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=227025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=231431\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-December/005819.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58f40149\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"phpMyAdmin-2.11.3-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:29", "references": [], "description": "# No description provided by the source\n\n## References:\nOther Advisory URL: http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051544.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0034.html\nISS X-Force ID: 31223\n[CVE-2007-0095](https://vulners.com/cve/CVE-2007-0095)\n", "edition": 1, "reporter": "OSVDB", "published": "2007-01-02T02:17:42", "title": "phpMyAdmin themes/darkblue_orange/layout.inc.php Direct Request Path Disclosure", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-0095"], "modified": "2007-01-02T02:17:42", "href": "https://vulners.com/osvdb/OSVDB:33257", "id": "OSVDB:33257", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:22", "references": ["https://vulners.com/securityvulns/securityvulns:doc:15670", "https://vulners.com/securityvulns/securityvulns:doc:15680", "https://vulners.com/securityvulns/securityvulns:doc:15675", "https://vulners.com/securityvulns/securityvulns:doc:15681", "https://vulners.com/securityvulns/securityvulns:doc:15676", "https://vulners.com/securityvulns/securityvulns:doc:15677", "https://vulners.com/securityvulns/securityvulns:doc:15672"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "reporter": " ", "published": "2007-01-11T00:00:00", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:22", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "MediaWiki", "version": "1.6", "operator": "eq"}, {"name": "MOTIONBORG Web Real Estate", "version": "2.1", "operator": "eq"}, {"name": "uniForum", "version": "4", "operator": "eq"}, {"name": "Jshop Server", "version": "1.3", "operator": "eq"}, {"name": "SazCart", "version": "1.5", "operator": "eq"}, {"name": "phpmyadmin", "version": "2.9", "operator": "eq"}, {"name": "phpBB", "version": "2.0", "operator": "eq"}, {"name": "MediaWiki", "version": "1.8", "operator": "eq"}, {"name": "Axiom", "version": "0.8", "operator": "eq"}, {"name": "WordPress", "version": "2.0", "operator": "eq"}, {"name": "CS-Cart", "version": "1.3", "operator": "eq"}, {"name": "MediaWiki", "version": "1.7", "operator": "eq"}], "cvelist": ["CVE-2007-0226", "CVE-2007-0200", "CVE-2007-0232", "CVE-2007-0109", "CVE-2007-0177", "CVE-2007-0203", "CVE-2007-0230", "CVE-2007-0204", "CVE-2007-0196", "CVE-2007-0095"], "modified": "2007-01-11T00:00:00", "id": "SECURITYVULNS:VULN:7037", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7037", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
