Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2011-9144.NASL
HistoryJul 18, 2011 - 12:00 a.m.

Fedora 14 : phpMyAdmin-3.4.3.1-1.fc14 (2011-9144)

2011-07-1800:00:00
This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

Changes for 3.4.3.1 (2011-06-07)

Changes for 3.4.3.0 (2011-06-27)

  • [sync] Missing helper icons in Synchronize

    • [setup] Redefine a lable that was wrong

    • [parser] master is not a reserved word

    • [edit] Inline edit updates multiple duplicate rows

    • [edit] Inline edit does not escape backslashes

    • [interface] Columns class sometimes changed for nothing

    • [interface] Some tooltips do not disappear

    • [search] Fix search in non unicode tables

    • [display] Inline query edit broken

    • [privileges] Generate password option missing on new accounts

    • [edit] Inline edit places HTML line breaks in edit area

    • [interface] Inline query edit does not escape special characters

    • [security] minor XSS (require a valid token)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2011-9144.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(55604);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2011-2505", "CVE-2011-2506", "CVE-2011-2507", "CVE-2011-2508");
  script_bugtraq_id(48563);
  script_xref(name:"FEDORA", value:"2011-9144");

  script_name(english:"Fedora 14 : phpMyAdmin-3.4.3.1-1.fc14 (2011-9144)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Changes for 3.4.3.1 (2011-06-07)

  - [PMASA-2011-5] Possible session manipulation in Swekey
    authentication
    (http://www.phpmyadmin.net/home_page/security/PMASA-2011
    -5.php)

    - [PMASA-2011-6] Possible code injection in setup script
      in case session variables are compromised
      (http://www.phpmyadmin.net/home_page/security/PMASA-20
      11-6.php)

    - [PMASA-2011-7] Regular expression quoting issue in
      Synchronize code
      (http://www.phpmyadmin.net/home_page/security/PMASA-20
      11-7.php)

    - [PMASA-2011-8] Possible directory traversal
      (http://www.phpmyadmin.net/home_page/security/PMASA-20
      11-8.php)

Changes for 3.4.3.0 (2011-06-27)

  - [sync] Missing helper icons in Synchronize

    - [setup] Redefine a lable that was wrong

    - [parser] master is not a reserved word

    - [edit] Inline edit updates multiple duplicate rows

    - [edit] Inline edit does not escape backslashes

    - [interface] Columns class sometimes changed for
      nothing

    - [interface] Some tooltips do not disappear

    - [search] Fix search in non unicode tables

    - [display] Inline query edit broken

    - [privileges] Generate password option missing on new
      accounts

    - [edit] Inline edit places HTML line breaks in edit
      area

    - [interface] Inline query edit does not escape special
      characters

    - [security] minor XSS (require a valid token)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.phpmyadmin.net/security/PMASA-2011-5/"
  );
  # http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.phpmyadmin.net/security/PMASA-2011-6/"
  );
  # http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.phpmyadmin.net/security/PMASA-2011-7/"
  );
  # http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.phpmyadmin.net/security/PMASA-2011-8/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=718964"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f35faca3"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected phpMyAdmin package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"d2_elliot_name", value:"Phpmyadmin 3.x RCE");
  script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:phpMyAdmin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/07/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/07/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC14", reference:"phpMyAdmin-3.4.3.1-1.fc14")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "phpMyAdmin");
}
VendorProductVersionCPE
fedoraprojectfedoraphpmyadminp-cpe:/a:fedoraproject:fedora:phpmyadmin
fedoraprojectfedora14cpe:/o:fedoraproject:fedora:14

Related

securityvulns 3
openvas 10
seebug 5
nessus 4
freebsd 1
packetstorm 3
dsquare 1
osv 3
debian 1
exploitpack 2
exploitdb 2
checkpoint_advisories 2
phpmyadmin 4
debiancve 5
cve 5
ubuntucve 5
prion 5
github 2
thn 2
threatpost 1
gentoo 1
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2011-07-13 00:00:00
phpMyAdmin 3.x Multiple Remote Code Executions
2011-07-13 00:00:00
[SECURITY] [DSA 2286-1] phpmyadmin security update
2011-08-01 00:00:00
openvas
openvas
FreeBSD Ports: phpmyadmin
2011-08-03 00:00:00
Fedora Update for phpMyAdmin FEDORA-2011-9144
2011-07-18 00:00:00
FreeBSD Ports: phpmyadmin
2011-08-03 00:00:00
seebug
seebug
phpMyAdmin 3.x Multiple Remote Code Executions
2011-07-09 00:00:00
phpMyAdmin 3.x 多个安全漏洞
2011-07-07 00:00:00
phpMyAdmin3 (pma3) Remote Code Execution Exploit
2011-07-10 00:00:00
nessus
nessus
phpMyAdmin 3.3.x / 3.4.x < 3.3.10.2 / 3.4.3.1 Multiple Vulnerabilities (PMASA-2011-5 - PMASA-2011-8)
2011-12-20 00:00:00
FreeBSD : phpmyadmin -- multiple vulnerabilities (7e4e5c53-a56c-11e0-b180-00216aa06fc2)
2011-07-05 00:00:00
Debian DSA-2286-1 : phpmyadmin - several vulnerabilities
2011-07-28 00:00:00
freebsd
freebsd
phpmyadmin -- multiple vulnerabilities
2011-07-02 00:00:00
packetstorm
packetstorm
phpMyAdmin 3.x Remote Code Execution
2011-07-08 00:00:00
phpMyAdmin 3.x Swekey Remote Code Injection
2011-07-09 00:00:00
phpMyAdmin3 Remote Code Execution
2011-07-09 00:00:00
dsquare
dsquare
Phpmyadmin 3.x RCE
2012-01-26 00:00:00
osv
osv
phpymadmin - several
2011-07-26 00:00:00
phpMyAdmin vulnerable to static code injection
2022-05-14 02:55:16
phpMyAdmin remote variable manipulation
2022-05-14 02:55:16
debian
debian
[SECURITY] [DSA 2286-1] phpmyadmin security update
2011-07-26 19:11:55
exploitpack
exploitpack
phpMyAdmin 3.x - Swekey Remote Code Injection
2011-07-09 00:00:00
phpMyAdmin3 (pma3) - Remote Code Execution
2011-07-08 00:00:00
exploitdb
exploitdb
phpMyAdmin 3.x - Swekey Remote Code Injection
2011-07-09 00:00:00
phpMyAdmin3 (pma3) - Remote Code Execution
2011-07-08 00:00:00
checkpoint_advisories
checkpoint_advisories
PhpMyAdmin Sweky Remote Code Injection Exploit (CVE-2011-2506)
2013-10-20 00:00:00
PhpMyAdmin Remote Variable Manipulation (CVE-2011-2505)
2013-10-20 00:00:00
phpmyadmin
phpmyadmin
Possible directory traversal.
2011-07-02 00:00:00
Possible code injection in setup script in case session variables are compromised.
2011-07-02 00:00:00
Regular expression quoting issue in Synchronize code.
2011-07-02 00:00:00
debiancve
debiancve
CVE-2011-2508
2011-07-14 23:55:00
CVE-2011-2506
2011-07-14 23:55:00
CVE-2011-2507
2011-07-14 23:55:00
cve
cve
CVE-2011-2506
2011-07-14 23:55:00
CVE-2011-2508
2011-07-14 23:55:00
CVE-2011-2507
2011-07-14 23:55:00
ubuntucve
ubuntucve
CVE-2011-2506
2011-07-14 00:00:00
CVE-2011-2508
2011-07-14 00:00:00
CVE-2011-2507
2011-07-14 00:00:00
prion
prion
Code injection
2011-07-14 23:55:00
Code injection
2011-07-14 23:55:00
Directory traversal
2011-07-14 23:55:00
github
github
phpMyAdmin vulnerable to static code injection
2022-05-14 02:55:16
phpMyAdmin remote variable manipulation
2022-05-14 02:55:16
thn
thn
Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers
2013-09-09 17:45:00
Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers
2013-09-09 06:45:00
threatpost
threatpost
Call for Ban on Vulnerable PHP SuperGlobal Variables
2013-09-09 14:54:04
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2012-01-04 00:00:00
JSON
Related for FEDORA_2011-9144.NASL
securityvulns3openvas10seebug5nessus4freebsd1packetstorm3dsquare1osv3debian1exploitpack2exploitdb2checkpoint_advisories2phpmyadmin4debiancve5cve5ubuntucve5prion5github2thn2threatpost1gentoo1