DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENVAS:136141256231068698", "type": "openvas", "bulletinFamily": "scanner", "title": "FreeBSD Ports: phpMyAdmin", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "published": "2011-01-24T00:00:00", "modified": "2019-03-14T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068698", "reporter": "Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com", "references": ["http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php", "http://www.vuxml.org/freebsd/753f8185-5ba9-42a4-be02-3f55ee580093.html"], "cvelist": ["CVE-2010-4329"], "lastseen": "2019-05-29T18:39:28", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-4329"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2139-1:FDD12"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2010-4329"]}, {"type": "fedora", "idList": ["FEDORA:AE678110DF3", "FEDORA:AF651110971"]}, {"type": "freebsd", "idList": ["753F8185-5BA9-42A4-BE02-3F55EE580093"]}, {"type": "nessus", "idList": ["5716.PRM", "DEBIAN_DSA-2139.NASL", "FEDORA_2010-18343.NASL", "FEDORA_2010-18371.NASL", "FREEBSD_PKG_753F81855BA942A4BE023F55EE580093.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310100939", "OPENVAS:136141256231068980", "OPENVAS:1361412562310831269", "OPENVAS:1361412562310862709", "OPENVAS:1361412562310862716", "OPENVAS:68698", "OPENVAS:68980", "OPENVAS:831269", "OPENVAS:862709", "OPENVAS:862716"]}, {"type": "osv", "idList": ["OSV:DSA-2139-1"]}, {"type": "phpmyadmin", "idList": ["PHPMYADMIN:PMASA-2010-8"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:25228", "SECURITYVULNS:DOC:25426", "SECURITYVULNS:VULN:11274", "SECURITYVULNS:VULN:11328"]}, {"type": "seebug", "idList": ["SSV:20283"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2010-4329"]}]}, "score": {"value": -0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2010-4329"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2139-1:FDD12"]}, {"type": "fedora", "idList": ["FEDORA:AF651110971"]}, {"type": "freebsd", "idList": ["753F8185-5BA9-42A4-BE02-3F55EE580093"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_753F81855BA942A4BE023F55EE580093.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310100939"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11274"]}, {"type": "seebug", "idList": ["SSV:20283"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2010-4329"]}]}, "exploitation": null, "vulnersScore": -0.3}, "pluginID": "136141256231068698", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_phpMyAdmin22.nasl 14170 2019-03-14 09:24:12Z cfischer $\n#\n# Auto generated from VID 753f8185-5ba9-42a4-be02-3f55ee580093\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68698\");\n script_version(\"$Revision: 14170 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 10:24:12 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 17:55:59 +0100 (Mon, 24 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2010-4329\");\n script_name(\"FreeBSD Ports: phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n phpMyAdmin\n phpMyAdmin211\n\nCVE-2010-4329\nCross-site scripting (XSS) vulnerability in the PMA_linkOrButton\nfunction in libraries/common.lib.php in the database (db) search\nscript in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1\nallows remote attackers to inject arbitrary web script or HTML via a\ncrafted request.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/753f8185-5ba9-42a4-be02-3f55ee580093.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"phpMyAdmin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.3.8.1\")<0) {\n txt += 'Package phpMyAdmin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"phpMyAdmin211\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.11.11.1\")<0) {\n txt += 'Package phpMyAdmin211 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "naslFamily": "FreeBSD Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1660004461, "score": 1660012044}, "_internal": {"score_hash": "fd291d7f393b2711234b56fb883ea389"}}

{"nessus": [{"lastseen": "2021-08-19T13:02:12", "description": "Versions of phpMyAdmin 2.x prior to 2.11.11.1, or 3.x prior to 3.3.8.1 are potentially affected by a cross-site scripting vulnerability in the database search tool.", "cvss3": {"score": 4.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "published": "2010-11-30T00:00:00", "type": "nessus", "title": "phpMyAdmin 2.x < 2.11.11.1 / 3.x < 3.3.8.1 XSS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4329"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*"], "id": "5716.PRM", "href": "https://www.tenable.com/plugins/nnm/5716", "sourceData": "Binary data 5716.prm", "cvss": {"score": 5.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T13:02:16", "description": "phpMyAdmin team reports :\n\nIt was possible to conduct a XSS attack using spoofed request on the db search script.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-30T00:00:00", "type": "nessus", "title": "FreeBSD : phpMyAdmin -- XSS attack in database search (753f8185-5ba9-42a4-be02-3f55ee580093)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4329"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:phpMyAdmin", "p-cpe:/a:freebsd:freebsd:phpMyAdmin211", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_753F81855BA942A4BE023F55EE580093.NASL", "href": "https://www.tenable.com/plugins/nessus/50838", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50838);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-4329\");\n\n script_name(english:\"FreeBSD : phpMyAdmin -- XSS attack in database search (753f8185-5ba9-42a4-be02-3f55ee580093)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin team reports :\n\nIt was possible to conduct a XSS attack using spoofed request on the\ndb search script.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=152685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=152686\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2010-8/\"\n );\n # https://vuxml.freebsd.org/freebsd/753f8185-5ba9-42a4-be02-3f55ee580093.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0088aa48\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpMyAdmin211\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"phpMyAdmin<3.3.8.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"phpMyAdmin211<2.11.11.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T13:02:25", "description": "Changes for 3.3.8.1 (2010-11-29)\n\n - [security] XSS on db search, see PMASA-2010-8\n\n - http://www.phpmyadmin.net/home_page/security/PMASA-201 0-8.php\n\n - CVE-2010-4329\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-12-09T00:00:00", "type": "nessus", "title": "Fedora 14 : phpMyAdmin-3.3.8.1-1.fc14 (2010-18343)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4329"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:phpMyAdmin", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2010-18343.NASL", "href": "https://www.tenable.com/plugins/nessus/51081", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-18343.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51081);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-4329\");\n script_bugtraq_id(45100);\n script_xref(name:\"FEDORA\", value:\"2010-18343\");\n\n script_name(english:\"Fedora 14 : phpMyAdmin-3.3.8.1-1.fc14 (2010-18343)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Changes for 3.3.8.1 (2010-11-29)\n\n - [security] XSS on db search, see PMASA-2010-8\n\n -\n http://www.phpmyadmin.net/home_page/security/PMASA-201\n 0-8.php\n\n - CVE-2010-4329\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2010-8/\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-December/051942.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4dd97623\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"phpMyAdmin-3.3.8.1-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T13:02:19", "description": "Changes for 3.3.8.1 (2010-11-29)\n\n - [security] XSS on db search, see PMASA-2010-8\n\n - http://www.phpmyadmin.net/home_page/security/PMASA-201 0-8.php\n\n - CVE-2010-4329\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-12-09T00:00:00", "type": "nessus", "title": "Fedora 13 : phpMyAdmin-3.3.8.1-1.fc13 (2010-18371)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4329"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:phpMyAdmin", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-18371.NASL", "href": "https://www.tenable.com/plugins/nessus/51082", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-18371.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51082);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-4329\");\n script_bugtraq_id(45100);\n script_xref(name:\"FEDORA\", value:\"2010-18371\");\n\n script_name(english:\"Fedora 13 : phpMyAdmin-3.3.8.1-1.fc13 (2010-18371)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Changes for 3.3.8.1 (2010-11-29)\n\n - [security] XSS on db search, see PMASA-2010-8\n\n -\n http://www.phpmyadmin.net/home_page/security/PMASA-201\n 0-8.php\n\n - CVE-2010-4329\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2010-8/\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-December/051956.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1e2b4838\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"phpMyAdmin-3.3.8.1-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T13:02:08", "description": "Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2010-4329 Cross site scripting was possible in search, that allowed a remote attacker to inject arbitrary web script or HTML.\n\n - CVE-2010-4480 Cross site scripting was possible in errors, that allowed a remote attacker to inject arbitrary web script or HTML.\n\n - CVE-2010-4481 Display of PHP's phpinfo() function was available to world, but only if this functionality had been enabled (defaults to off). This may leak some information about the host system.", "cvss3": {"score": null, "vector": null}, "published": "2011-01-03T00:00:00", "type": "nessus", "title": "Debian DSA-2139-1 : phpmyadmin - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4329", "CVE-2010-4480", "CVE-2010-4481"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:phpmyadmin", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2139.NASL", "href": "https://www.tenable.com/plugins/nessus/51401", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2139. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51401);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-4329\", \"CVE-2010-4480\", \"CVE-2010-4481\");\n script_bugtraq_id(45100);\n script_xref(name:\"DSA\", value:\"2139\");\n\n script_name(english:\"Debian DSA-2139-1 : phpmyadmin - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in phpMyAdmin, a tool to\nadminister MySQL over the web. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2010-4329\n Cross site scripting was possible in search, that\n allowed a remote attacker to inject arbitrary web script\n or HTML.\n\n - CVE-2010-4480\n Cross site scripting was possible in errors, that\n allowed a remote attacker to inject arbitrary web script\n or HTML.\n\n - CVE-2010-4481\n Display of PHP's phpinfo() function was available to\n world, but only if this functionality had been enabled\n (defaults to off). This may leak some information about\n the host system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2139\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the phpmyadmin package.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.11.8.1-5+lenny7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"phpmyadmin\", reference:\"2.11.8.1-5+lenny7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2017-12-20T13:17:56", "description": "Check for the Version of phpMyAdmin", "cvss3": {}, "published": "2010-12-23T00:00:00", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2010-18371", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4329"], "modified": "2017-12-19T00:00:00", "id": "OPENVAS:862709", "href": "http://plugins.openvas.org/nasl.php?oid=862709", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2010-18371\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"phpMyAdmin on Fedora 13\";\ntag_insight = \"phpMyAdmin is a tool written in PHP intended to handle the administration of\n MySQL over the Web. Currently it can create and drop databases,\n create/drop/alter tables, delete/edit/add fields, execute any SQL statement,\n manage keys on fields, manage privileges, export data into various formats and\n is available in over 55 languages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051956.html\");\n script_id(862709);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-23 07:38:58 +0100 (Thu, 23 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-18371\");\n script_cve_id(\"CVE-2010-4329\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2010-18371\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~3.3.8.1~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-14T11:48:40", "description": "Check for the Version of phpmyadmin", "cvss3": {}, "published": "2010-12-09T00:00:00", "type": "openvas", "title": "Mandriva Update for phpmyadmin MDVSA-2010:244 (phpmyadmin)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4329"], "modified": "2017-12-14T00:00:00", "id": "OPENVAS:831269", "href": "http://plugins.openvas.org/nasl.php?oid=831269", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for phpmyadmin MDVSA-2010:244 (phpmyadmin)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in phpmyadmin:\n\n It was possible to conduct a XSS attack using spoofed request on the\n db search script (CVE-2010-4329).\n \n This upgrade provides the latest phpmyadmin versions which is not\n vulnerable to this security issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"phpmyadmin on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-11/msg00045.php\");\n script_id(831269);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-09 08:26:35 +0100 (Thu, 09 Dec 2010)\");\n script_xref(name: \"MDVSA\", value: \"2010:244\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2010-4329\");\n script_name(\"Mandriva Update for phpmyadmin MDVSA-2010:244 (phpmyadmin)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of phpmyadmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpmyadmin\", rpm:\"phpmyadmin~3.3.8.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-17T11:05:25", "description": "Check for the Version of phpMyAdmin", "cvss3": {}, "published": "2010-12-23T00:00:00", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2010-18371", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4329"], "modified": "2018-01-16T00:00:00", "id": "OPENVAS:1361412562310862709", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862709", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2010-18371\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"phpMyAdmin on Fedora 13\";\ntag_insight = \"phpMyAdmin is a tool written in PHP intended to handle the administration of\n MySQL over the Web. Currently it can create and drop databases,\n create/drop/alter tables, delete/edit/add fields, execute any SQL statement,\n manage keys on fields, manage privileges, export data into various formats and\n is available in over 55 languages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051956.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862709\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-23 07:38:58 +0100 (Thu, 23 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-18371\");\n script_cve_id(\"CVE-2010-4329\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2010-18371\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~3.3.8.1~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:26", "description": "Check for the Version of phpmyadmin", "cvss3": {}, "published": "2010-12-09T00:00:00", "type": "openvas", "title": "Mandriva Update for phpmyadmin MDVSA-2010:244 (phpmyadmin)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4329"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:1361412562310831269", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831269", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for phpmyadmin MDVSA-2010:244 (phpmyadmin)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in phpmyadmin:\n\n It was possible to conduct a XSS attack using spoofed request on the\n db search script (CVE-2010-4329).\n \n This upgrade provides the latest phpmyadmin versions which is not\n vulnerable to this security issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"phpmyadmin on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-11/msg00045.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831269\");\n script_version(\"$Revision: 8254 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 08:29:05 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-09 08:26:35 +0100 (Thu, 09 Dec 2010)\");\n script_xref(name: \"MDVSA\", value: \"2010:244\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2010-4329\");\n script_name(\"Mandriva Update for phpmyadmin MDVSA-2010:244 (phpmyadmin)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of phpmyadmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpmyadmin\", rpm:\"phpmyadmin~3.3.8.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:40:09", "description": "phpMyAdmin is prone to a cross-site scripting vulnerability because it\n fails to sufficiently sanitize user-supplied data.", "cvss3": {}, "published": "2010-12-09T00:00:00", "type": "openvas", "title": "phpMyAdmin Database Search Cross Site Scripting Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4329"], "modified": "2019-03-01T00:00:00", "id": "OPENVAS:1361412562310100939", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100939", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_45100.nasl 13960 2019-03-01 13:18:27Z cfischer $\n#\n# phpMyAdmin Database Search Cross Site Scripting Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100939\");\n script_version(\"$Revision: 13960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-01 14:18:27 +0100 (Fri, 01 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-09 13:44:03 +0100 (Thu, 09 Dec 2010)\");\n script_bugtraq_id(45100);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2010-4329\");\n script_name(\"phpMyAdmin Database Search Cross Site Scripting Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpMyAdmin/installed\");\n\n script_xref(name:\"URL\", value:\"https://www.securityfocus.com/bid/45100\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php\");\n\n script_tag(name:\"impact\", value:\"An attacker may leverage this issue to execute arbitrary script code\n in the browser of an unsuspecting user in the context of the affected\n site. This may allow the attacker to steal cookie-based authentication\n credentials and to launch other attacks.\");\n script_tag(name:\"affected\", value:\"Versions prior to phpMyAdmin 3.3.8.1 and 2.11.11.1 are vulnerable.\");\n script_tag(name:\"solution\", value:\"Vendor updates are available. Please see the references for more\n information.\");\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to a cross-site scripting vulnerability because it\n fails to sufficiently sanitize user-supplied data.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_in_range( version:vers, test_version:\"3\", test_version2:\"3.3.8.0\" ) ||\n version_in_range( version:vers, test_version:\"2.11\", test_version2:\"2.11.11.0\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"2.11.11.1/3.3.8.1\" );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-25T10:54:59", "description": "Check for the Version of phpMyAdmin", "cvss3": {}, "published": "2010-12-23T00:00:00", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2010-18343", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4329"], "modified": "2018-01-24T00:00:00", "id": "OPENVAS:1361412562310862716", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862716", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2010-18343\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"phpMyAdmin on Fedora 14\";\ntag_insight = \"phpMyAdmin is a tool written in PHP intended to handle the administration of\n MySQL over the Web. Currently it can create and drop databases,\n create/drop/alter tables, delete/edit/add fields, execute any SQL statement,\n manage keys on fields, manage privileges, export data into various formats and\n is available in over 55 languages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051942.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862716\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-23 07:38:58 +0100 (Thu, 23 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-18343\");\n script_cve_id(\"CVE-2010-4329\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2010-18343\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~3.3.8.1~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:17", "description": "Check for the Version of phpMyAdmin", "cvss3": {}, "published": "2010-12-23T00:00:00", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2010-18343", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4329"], "modified": "2017-12-25T00:00:00", "id": "OPENVAS:862716", "href": "http://plugins.openvas.org/nasl.php?oid=862716", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2010-18343\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"phpMyAdmin on Fedora 14\";\ntag_insight = \"phpMyAdmin is a tool written in PHP intended to handle the administration of\n MySQL over the Web. Currently it can create and drop databases,\n create/drop/alter tables, delete/edit/add fields, execute any SQL statement,\n manage keys on fields, manage privileges, export data into various formats and\n is available in over 55 languages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051942.html\");\n script_id(862716);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-23 07:38:58 +0100 (Thu, 23 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-18343\");\n script_cve_id(\"CVE-2010-4329\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2010-18343\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~3.3.8.1~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:13:40", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2011-01-24T00:00:00", "type": "openvas", "title": "FreeBSD Ports: phpMyAdmin", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4329"], "modified": "2017-02-25T00:00:00", "id": "OPENVAS:68698", "href": "http://plugins.openvas.org/nasl.php?oid=68698", "sourceData": "#\n#VID 753f8185-5ba9-42a4-be02-3f55ee580093\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 753f8185-5ba9-42a4-be02-3f55ee580093\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n phpMyAdmin\n phpMyAdmin211\n\nCVE-2010-4329\nCross-site scripting (XSS) vulnerability in the PMA_linkOrButton\nfunction in libraries/common.lib.php in the database (db) search\nscript in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1\nallows remote attackers to inject arbitrary web script or HTML via a\ncrafted request.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php\nhttp://www.vuxml.org/freebsd/753f8185-5ba9-42a4-be02-3f55ee580093.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(68698);\n script_version(\"$Revision: 5424 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 17:55:59 +0100 (Mon, 24 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2010-4329\");\n script_name(\"FreeBSD Ports: phpMyAdmin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"phpMyAdmin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.3.8.1\")<0) {\n txt += 'Package phpMyAdmin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"phpMyAdmin211\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.11.11.1\")<0) {\n txt += 'Package phpMyAdmin211 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:30", "description": "The remote host is missing an update to phpmyadmin\nannounced via advisory DSA 2139-1.", "cvss3": {}, "published": "2011-03-07T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2139-1 (phpmyadmin)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4480", "CVE-2010-4329", "CVE-2010-4481"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231068980", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068980", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2139_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2139-1 (phpmyadmin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68980\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 16:04:02 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2010-4329\", \"CVE-2010-4480\", \"CVE-2010-4481\");\n script_name(\"Debian Security Advisory DSA 2139-1 (phpmyadmin)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB5\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202139-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in phpMyAdmin, a tool\nto administer MySQL over the web. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2010-4329\n\nCross site scripting was possible in search, that allowed\na remote attacker to inject arbitrary web script or HTML.\n\nCVE-2010-4480\n\nCross site scripting was possible in errors, that allowed\na remote attacker to inject arbitrary web script or HTML.\n\nCVE-2010-4481\n\nDisplay of PHP's phpinfo() function was available to world, but only\nif this functionality had been enabled (defaults to off). This may\nleak some information about the host system.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.11.8.1-5+lenny7.\n\nFor the testing (squeeze) and unstable distribution (sid), these problems\nhave been fixed in version 3.3.7-3.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your phpmyadmin package.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to phpmyadmin\nannounced via advisory DSA 2139-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"phpmyadmin\", ver:\"2.11.8.1-5+lenny7\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-24T12:55:50", "description": "The remote host is missing an update to phpmyadmin\nannounced via advisory DSA 2139-1.", "cvss3": {}, "published": "2011-03-07T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2139-1 (phpmyadmin)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4480", "CVE-2010-4329", "CVE-2010-4481"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:68980", "href": "http://plugins.openvas.org/nasl.php?oid=68980", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2139_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2139-1 (phpmyadmin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in phpMyAdmin, a tool\nto administer MySQL over the web. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2010-4329\n\nCross site scripting was possible in search, that allowed\na remote attacker to inject arbitrary web script or HTML.\n\nCVE-2010-4480\n\nCross site scripting was possible in errors, that allowed\na remote attacker to inject arbitrary web script or HTML.\n\nCVE-2010-4481\n\nDisplay of PHP's phpinfo() function was available to world, but only\nif this functionality had been enabled (defaults to off). This may\nleak some information about the host system.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.11.8.1-5+lenny7.\n\nFor the testing (squeeze) and unstable distribution (sid), these problems\nhave been fixed in version 3.3.7-3.\n\nWe recommend that you upgrade your phpmyadmin package.\";\ntag_summary = \"The remote host is missing an update to phpmyadmin\nannounced via advisory DSA 2139-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202139-1\";\n\n\nif(description)\n{\n script_id(68980);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 16:04:02 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2010-4329\", \"CVE-2010-4480\", \"CVE-2010-4481\");\n script_name(\"Debian Security Advisory DSA 2139-1 (phpmyadmin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"phpmyadmin\", ver:\"2.11.8.1-5+lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:50", "description": "\n\nphpMyAdmin team reports:\n\nIt was possible to conduct a XSS attack using spoofed request on the\n\t db search script.\n\n\n", "cvss3": {}, "published": "2010-11-29T00:00:00", "type": "freebsd", "title": "phpMyAdmin -- XSS attack in database search", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4329"], "modified": "2010-11-29T00:00:00", "id": "753F8185-5BA9-42A4-BE02-3F55EE580093", "href": "https://vuxml.freebsd.org/freebsd/753f8185-5ba9-42a4-be02-3f55ee580093.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:38", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:244\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : phpmyadmin\r\n Date : November 30, 2010\r\n Affected: Corporate 4.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been found and corrected in phpmyadmin:\r\n \r\n It was possible to conduct a XSS attack using spoofed request on the\r\n db search script &#40;CVE-2010-4329&#41;.\r\n \r\n This upgrade provides the latest phpmyadmin versions which is not\r\n vulnerable to this security issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4329\r\n http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Corporate 4.0:\r\n 87bb4457e07c68c7eddee73bc942fdb1 corporate/4.0/i586/phpMyAdmin-2.11.11.1-0.1.20060mlcs4.noarch.rpm \r\n 013a296d2c2aa39a34b30b6d9e5f460c corporate/4.0/SRPMS/phpMyAdmin-2.11.11.1-0.1.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 5c99ed5e8e313786e6f760076c81d2da corporate/4.0/x86_64/phpMyAdmin-2.11.11.1-0.1.20060mlcs4.noarch.rpm \r\n 013a296d2c2aa39a34b30b6d9e5f460c corporate/4.0/SRPMS/phpMyAdmin-2.11.11.1-0.1.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 70394e9ba0e8f350d6de2ca373dfd9b8 mes5/i586/phpmyadmin-3.3.8.1-0.1mdvmes5.1.noarch.rpm \r\n b656823ea2dca7d61eb6ba85c3900470 mes5/SRPMS/phpmyadmin-3.3.8.1-0.1mdvmes5.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n a3c6238fa1f3132a27a91aa503b6e2fc mes5/x86_64/phpmyadmin-3.3.8.1-0.1mdvmes5.1.noarch.rpm \r\n b656823ea2dca7d61eb6ba85c3900470 mes5/SRPMS/phpmyadmin-3.3.8.1-0.1mdvmes5.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFM9MZBmqjQ0CJFipgRApUnAKDWTed6RtWZoUpy6VO0dea56dMivgCgjuzB\r\nQWpx1KX1wp8A2aQ6IUyyCTg=\r\n=+E4U\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2010-12-01T00:00:00", "title": "[ MDVSA-2010:244 ] phpmyadmin", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-4329"], "modified": "2010-12-01T00:00:00", "id": "SECURITYVULNS:DOC:25228", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25228", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:38", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2139-1 security@debian.org\r\nhttp://www.debian.org/security/ Thijs Kinkhorst\r\nDecember 31, 2010 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : phpmyadmin\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2010-4329 CVE-2010-4480 CVE-2010-4481\r\n\r\nSeveral vulnerabilities have been discovered in phpMyAdmin, a tool\r\nto administer MySQL over the web. The Common Vulnerabilities and Exposures\r\nproject identifies the following problems:\r\n\r\nCVE-2010-4329\r\n\r\n Cross site scripting was possible in search, that allowed\r\n a remote attacker to inject arbitrary web script or HTML.\r\n\r\nCVE-2010-4480\r\n\r\n Cross site scripting was possible in errors, that allowed\r\n a remote attacker to inject arbitrary web script or HTML.\r\n\r\nCVE-2010-4481\r\n\r\n Display of PHP&#39;s phpinfo&#40;&#41; function was available to world, but only\r\n if this functionality had been enabled &#40;defaults to off&#41;. This may\r\n leak some information about the host system.\r\n\r\nFor the stable distribution &#40;lenny&#41;, these problems have been fixed in\r\nversion 2.11.8.1-5+lenny7.\r\n\r\nFor the testing &#40;squeeze&#41; and unstable distribution &#40;sid&#41;, these problems\r\nhave been fixed in version 3.3.7-3.\r\n\r\nWe recommend that you upgrade your phpmyadmin package.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 &#40;GNU/Linux&#41;\r\n\r\niQEcBAEBAgAGBQJNHf0sAAoJEOxfUAG2iX57ulcIAL/G01SH84xfAQeKRarQSM+L\r\nJdOx/v9un204DK+N2Cj9qwI/oCY8gVoyISU1emufUgmsl5f0osADWpL6kv0gCaKk\r\nADXYs77K78/KDa3eixWMVMkspRxZBXA6TT6GkgSZYB14pF2krFOKXpUc3kk9dy3v\r\nI1qV9YnJhw/gXGn7XX6/Htnuu9aYqGc4+GcfFYW0j8FeJ8Og/VmgubkITvUyAHiR\r\nHE98xPwek8WhTXdsNsqpseraeaoscdizCbIfb2fHSaCJKZj+sY5eeVVOaqsG4RdV\r\nT34FuRRjsl0FrHEWSZK650cKcMvU3loAcCJnx94PTW5oqk7XDQihlInaoqEBlNY=\r\n=ZWgu\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2011-01-03T00:00:00", "title": "[SECURITY] [DSA 2139-1] New phpmyadmin packages fix several vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-4480", "CVE-2010-4329", "CVE-2010-4481"], "modified": "2011-01-03T00:00:00", "id": "SECURITYVULNS:DOC:25426", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25426", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2021-06-08T18:57:53", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 2, "cvss3": {}, "published": "2011-01-03T00:00:00", "title": "Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-4480", "CVE-2010-4329", "CVE-2010-4481"], "modified": "2011-01-03T00:00:00", "id": "SECURITYVULNS:VULN:11328", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11328", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2021-06-08T18:46:23", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 2, "cvss3": {}, "published": "2010-12-01T00:00:00", "title": "Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-4283", "CVE-2010-4281", "CVE-2010-3449", "CVE-2010-4280", "CVE-2010-4329", "CVE-2010-4282", "CVE-2010-3266", "CVE-2010-3267", "CVE-2010-4278", "CVE-2010-4279"], "modified": "2010-12-01T00:00:00", "id": "SECURITYVULNS:VULN:11274", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11274", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "phpmyadmin": [{"lastseen": "2021-07-28T14:34:00", "description": "## PMASA-2010-8\n\n**Announcement-ID:** PMASA-2010-8\n\n**Date:** 2010-11-29\n\n### Summary\n\nXSS attack in database search.\n\n### Description\n\nIt was possible to conduct a XSS attack using spoofed request on the db search script.\n\n### Severity\n\nWe consider this vulnerability to be non critical.\n\n### Affected Versions\n\nFor 3.x: versions before 3.3.8.1 are affected. For 2.11.x: versions before 2.11.11.1 are affected.\n\n### Solution\n\nUpgrade to phpMyAdmin 3.3.8.1 or newer, or 2.11.11.1 if using the 2.11.x family. You can also apply the patch listed below.\n\n### References\n\nThanks to Alexander Opitz for reporting this issue.\n\nAssigned CVE ids: [CVE-2010-4329](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4329>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) [CWE-79](<https://cwe.mitre.org/data/definitions/79.html>)\n\n### Patches\n\nThe following commits have been made to fix this issue:\n\n * [4341818d73d454451f024950a4ce0141608ac7f8](<https://github.com/phpmyadmin/phpmyadmin/commit/4341818d73d454451f024950a4ce0141608ac7f8>)\n\nThe following commits have been made on the 2.11 branch to fix this issue:\n\n * [e1f4901ffc400b6d2df15eac0ba5015fe48a27c4](<https://github.com/phpmyadmin/phpmyadmin/commit/e1f4901ffc400b6d2df15eac0ba5015fe48a27c4>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). \n", "cvss3": {}, "published": "2010-11-29T00:00:00", "type": "phpmyadmin", "title": "XSS attack in database search.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4329"], "modified": "2010-11-29T00:00:00", "id": "PHPMYADMIN:PMASA-2010-8", "href": "https://www.phpmyadmin.net/security/PMASA-2010-8/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T12:46:25", "description": "Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.", "cvss3": {}, "published": "2010-12-02T16:22:00", "type": "cve", "title": "CVE-2010-4329", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4329"], "modified": "2011-01-28T05:00:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin:2.11.9.1", "cpe:/a:phpmyadmin:phpmyadmin:3.0.1", "cpe:/a:phpmyadmin:phpmyadmin:2.11.9.5", "cpe:/a:phpmyadmin:phpmyadmin:2.11.11", "cpe:/a:phpmyadmin:phpmyadmin:3.3.2.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.10.1", "cpe:/a:phpmyadmin:phpmyadmin:2.11.8.0", "cpe:/a:phpmyadmin:phpmyadmin:3.1.0", "cpe:/a:phpmyadmin:phpmyadmin:3.3.1.0", "cpe:/a:phpmyadmin:phpmyadmin:3.1.3", "cpe:/a:phpmyadmin:phpmyadmin:3.3.8", "cpe:/a:phpmyadmin:phpmyadmin:3.2.2", "cpe:/a:phpmyadmin:phpmyadmin:3.3.6", "cpe:/a:phpmyadmin:phpmyadmin:2.11.1.1", "cpe:/a:phpmyadmin:phpmyadmin:2.11.9.4", "cpe:/a:phpmyadmin:phpmyadmin:3.1.4", "cpe:/a:phpmyadmin:phpmyadmin:2.11.2.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.5.1", "cpe:/a:phpmyadmin:phpmyadmin:2.11.5.2", "cpe:/a:phpmyadmin:phpmyadmin:3.0.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.10.0", "cpe:/a:phpmyadmin:phpmyadmin:3.2.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.9.6", "cpe:/a:phpmyadmin:phpmyadmin:3.2.1", "cpe:/a:phpmyadmin:phpmyadmin:2.11.1.2", "cpe:/a:phpmyadmin:phpmyadmin:3.3.3.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.3.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.6.0", "cpe:/a:phpmyadmin:phpmyadmin:3.3.0.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.2.2", "cpe:/a:phpmyadmin:phpmyadmin:2.11.7.1", "cpe:/a:phpmyadmin:phpmyadmin:2.11.9.0", "cpe:/a:phpmyadmin:phpmyadmin:3.1.2", "cpe:/a:phpmyadmin:phpmyadmin:3.1.3.2", "cpe:/a:phpmyadmin:phpmyadmin:3.0.1.1", "cpe:/a:phpmyadmin:phpmyadmin:3.3.4.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.1.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.5.0", "cpe:/a:phpmyadmin:phpmyadmin:3.3.7", "cpe:/a:phpmyadmin:phpmyadmin:3.3.5.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.7.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.4.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.9.3", "cpe:/a:phpmyadmin:phpmyadmin:2.11.2.1", "cpe:/a:phpmyadmin:phpmyadmin:3.3.5.1", "cpe:/a:phpmyadmin:phpmyadmin:3.1.5", "cpe:/a:phpmyadmin:phpmyadmin:3.1.1", "cpe:/a:phpmyadmin:phpmyadmin:3.1.3.1", "cpe:/a:phpmyadmin:phpmyadmin:2.11.9.2"], "id": "CVE-2010-4329", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4329", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.4:rc2:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.11:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:rc1:*:*:*:*:*:*"]}], "seebug": [{"lastseen": "2017-11-19T18:07:10", "description": "BUGTRAQ ID: 45100\r\nCVE ID: CVE-2010-4329\r\n\r\nphpMyAdmin\u662f\u7528PHP\u7f16\u5199\u7684\u5de5\u5177\uff0c\u7528\u4e8e\u901a\u8fc7WEB\u7ba1\u7406MySQL\u3002\r\n\r\nphpMyAdmin\u7531\u4e8e\u672a\u6709\u6548\u8fc7\u6ee4\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\uff0c\u6240\u4ee5\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u5176\u4ed6\u8bbf\u95ee\u7f51\u7ad9\u7684\u7528\u6237\u7684\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u4efb\u610f\u811a\u672c\u4ee3\u7801\uff0c\u4ece\u800c\u7a83\u53d6\u57fa\u4e8eCookie\u7684\u9a8c\u8bc1\u51ed\u636e\uff0c\u53d1\u52a8\u5176\u4ed6\u653b\u51fb\u3002\n\nMandrakeSoft Corporate Server 4.0 x86_64\r\nMandrakeSoft Corporate Server 4.0\r\nphpMyAdmin phpMyAdmin 2.11 - 3.3.6\r\nMandrakeSoft Enterprise Server 5 x86_64\r\nMandrakeSoft Enterprise Server 5\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMandrakeSoft\r\n------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.linux-mandrake.com/en/security/", "cvss3": {}, "published": "2010-12-09T00:00:00", "type": "seebug", "title": "phpMyAdmin\u6570\u636e\u5e93\u641c\u7d22\u8de8\u7ad9\u811a\u672c\u6267\u884c\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2010-4329"], "modified": "2010-12-09T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20283", "id": "SSV:20283", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "fedora": [{"lastseen": "2021-06-08T18:43:51", "description": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and is available in over 55 languages. ", "cvss3": {}, "published": "2010-12-08T21:36:02", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: phpMyAdmin-3.3.8.1-1.fc13", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4329"], "modified": "2010-12-08T21:36:02", "id": "FEDORA:AE678110DF3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QIXWDX2F37RXIYCOFNQCHP7ZDJURJUA2/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-06-08T18:43:51", "description": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and is available in over 55 languages. ", "cvss3": {}, "published": "2010-12-08T21:34:18", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: phpMyAdmin-3.3.8.1-1.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4329"], "modified": "2010-12-08T21:34:18", "id": "FEDORA:AF651110971", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/O5XH5N3ODLXVSCBLJGTT3FEXXUTMP4BI/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:35:14", "description": "Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function\nin libraries/common.lib.php in the database (db) search script in\nphpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote\nattackers to inject arbitrary web script or HTML via a crafted request.", "cvss3": {}, "published": "2010-12-02T00:00:00", "type": "ubuntucve", "title": "CVE-2010-4329", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4329"], "modified": "2010-12-02T00:00:00", "id": "UB:CVE-2010-4329", "href": "https://ubuntu.com/security/CVE-2010-4329", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2022-07-09T17:35:18", "description": "Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.", "cvss3": {}, "published": "2010-12-02T16:22:00", "type": "debiancve", "title": "CVE-2010-4329", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4329"], "modified": "2010-12-02T16:22:00", "id": "DEBIANCVE:CVE-2010-4329", "href": "https://security-tracker.debian.org/tracker/CVE-2010-4329", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "osv": [{"lastseen": "2022-07-21T08:31:51", "description": "\nSeveral vulnerabilities have been discovered in phpMyAdmin, a tool\nto administer MySQL over the web. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\n\n* [CVE-2010-4329](https://security-tracker.debian.org/tracker/CVE-2010-4329)\nCross site scripting was possible in search, that allowed\n a remote attacker to inject arbitrary web script or HTML.\n* [CVE-2010-4480](https://security-tracker.debian.org/tracker/CVE-2010-4480)\nCross site scripting was possible in errors, that allowed\n a remote attacker to inject arbitrary web script or HTML.\n* [CVE-2010-4481](https://security-tracker.debian.org/tracker/CVE-2010-4481)\nDisplay of PHP's phpinfo() function was available to world, but only\n if this functionality had been enabled (defaults to off). This may\n leak some information about the host system.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.11.8.1-5+lenny7.\n\n\nFor the testing (squeeze) and unstable distribution (sid), these problems\nhave been fixed in version 3.3.7-3.\n\n\nWe recommend that you upgrade your phpmyadmin package.\n\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: [https://www.debian.org/security/]($(HOME)/security/)\n\n\n", "cvss3": {}, "published": "2010-12-31T00:00:00", "type": "osv", "title": "phpmyadmin - several", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4329", "CVE-2010-4480", "CVE-2010-4481"], "modified": "2022-07-21T05:47:18", "id": "OSV:DSA-2139-1", "href": "https://osv.dev/vulnerability/DSA-2139-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2021-10-22T00:30:18", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2139-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nDecember 31, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : phpmyadmin\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2010-4329 CVE-2010-4480 CVE-2010-4481\n\nSeveral vulnerabilities have been discovered in phpMyAdmin, a tool\nto administer MySQL over the web. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2010-4329\n\n Cross site scripting was possible in search, that allowed\n a remote attacker to inject arbitrary web script or HTML.\n\nCVE-2010-4480\n\n Cross site scripting was possible in errors, that allowed\n a remote attacker to inject arbitrary web script or HTML.\n\nCVE-2010-4481\n\n Display of PHP&#x27;s phpinfo() function was available to world, but only\n if this functionality had been enabled (defaults to off). This may\n leak some information about the host system.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.11.8.1-5+lenny7.\n\nFor the testing (squeeze) and unstable distribution (sid), these problems\nhave been fixed in version 3.3.7-3.\n\nWe recommend that you upgrade your phpmyadmin package.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2010-12-31T15:57:29", "type": "debian", "title": "[SECURITY] [DSA 2139-1] New phpmyadmin packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4329", "CVE-2010-4480", "CVE-2010-4481"], "modified": "2010-12-31T15:57:29", "id": "DEBIAN:DSA-2139-1:FDD12", "href": "https://lists.debian.org/debian-security-announce/2010/msg00190.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}