Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1370-1
HistorySep 09, 2007 - 12:00 a.m.

phpmyadmin - several vulnerabilities

2007-09-0900:00:00
Google
osv.dev
4

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The Common Vulnerabilities
and Exposures project identifies the following problems:

  • CVE-2007-1325
    The PMA_ArrayWalkRecursive function in libraries/common.lib.php
    does not limit recursion on arrays provided by users, which allows
    context-dependent attackers to cause a denial of service (web
    server crash) via an array with many dimensions.

This issue affects only the stable distribution (Etch).

  • CVE-2007-1395
    Incomplete blacklist vulnerability in index.php allows remote
    attackers to conduct cross-site scripting (XSS) attacks by
    injecting arbitrary JavaScript or HTML in a (1) db or (2) table
    parameter value followed by an uppercase </SCRIPT> end tag,
    which bypasses the protection against lowercase </script>.

This issue affects only the stable distribution (Etch).

  • CVE-2007-2245
    Multiple cross-site scripting (XSS) vulnerabilities allow remote
    attackers to inject arbitrary web script or HTML via (1) the
    fieldkey parameter to browse_foreigners.php or (2) certain input
    to the PMA_sanitize function.
  • CVE-2006-6942
    Multiple cross-site scripting (XSS) vulnerabilities allow remote
    attackers to inject arbitrary HTML or web script via (1) a comment
    for a table name, as exploited through (a) db_operations.php,
    (2) the db parameter to (b) db_create.php, (3) the newname parameter
    to db_operations.php, the (4) query_history_latest,
    (5) query_history_latest_db, and (6) querydisplay_tab parameters to
    © querywindow.php, and (7) the pos parameter to (d) sql.php.

This issue affects only the oldstable distribution (Sarge).

  • CVE-2006-6944
    phpMyAdmin allows remote attackers to bypass Allow/Deny access rules
    that use IP addresses via false headers.

This issue affects only the oldstable distribution (Sarge).

For the old stable distribution (sarge) these problems have been fixed in
version 2.6.2-3sarge5.

For the stable distribution (etch) these problems have been fixed in
version 2.9.1.1-4.

For the unstable distribution (sid) these problems have been fixed in
version 2.10.1-1.

We recommend that you upgrade your phpmyadmin packages.

CPENameOperatorVersion
phpmyadmineq4:2.9.1.1-3

Related

openvas 7
nessus 3
debian 2
osv 1
debiancve 8
phpmyadmin 5
ubuntucve 8
cve 8
prion 6
redhatcve 1
securityvulns 1
gentoo 1
openvas
openvas
Debian: Security Advisory (DSA-1370-2)
2008-01-17 00:00:00
Debian Security Advisory DSA 1370-1 (phpmyadmin)
2008-01-17 00:00:00
Debian Security Advisory DSA 1370-2 (phpmyadmin)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-1370-1 : phpmyadmin - several vulnerabilities
2007-09-14 00:00:00
openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-3990)
2007-10-17 00:00:00
GLSA-200903-32 : phpMyAdmin: Multiple vulnerabilities
2009-03-19 00:00:00
debian
debian
[SECURITY] [DSA 1370-1] New phpmyadmin packages fix several vulnerabilities
2007-09-09 21:42:15
[SECURITY] [DSA 1370-2] New phpmyadmin packages fix several vulnerabilities
2007-09-10 23:38:37
osv
osv
phpmyadmin - several vulnerabilities
2007-09-09 00:00:00
debiancve
debiancve
CVE-2006-6944
2007-01-19 02:28:00
CVE-2007-2245
2007-04-25 16:19:00
CVE-2006-6942
2007-01-19 02:28:00
phpmyadmin
phpmyadmin
Bad IP Allow/Deny checking
2006-11-17 00:00:00
XSS vulnerabilities
2007-04-24 00:00:00
XSS vulnerability
2006-11-17 00:00:00
ubuntucve
ubuntucve
CVE-2006-6944
2007-01-19 00:00:00
CVE-2007-2245
2007-04-25 00:00:00
CVE-2006-6942
2007-01-19 00:00:00
cve
cve
CVE-2006-6944
2007-01-19 02:28:00
CVE-2007-2245
2007-04-25 16:19:00
CVE-2006-6942
2007-01-19 02:28:00
prion
prion
Cross site scripting
2007-04-25 16:19:00
Cross site scripting
2007-03-10 22:19:00
Cross site scripting
2007-11-15 00:46:00
redhatcve
redhatcve
CVE-2007-5977
2019-10-04 21:17:26
securityvulns
securityvulns
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2007-03-09 00:00:00
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2009-03-18 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for OSV:DSA-1370-1
openvas7nessus3debian2osv1debiancve8phpmyadmin5ubuntucve8cve8prion6redhatcve1securityvulns1gentoo1