Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2286-1
HistoryJul 26, 2011 - 12:00 a.m.

phpymadmin - several

2011-07-2600:00:00
Google
osv.dev
5

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.538 Medium

EPSS

Percentile

97.1%

JSON

Several vulnerabilities were discovered in phpMyAdmin, a tool to
administrate MySQL over the web. The Common Vulnerabilities and
Exposures project identifies the following problems:

  • CVE-2011-2505
    Possible session manipulation in Swekey authentication.
  • CVE-2011-2506
    Possible code injection in setup script, in case session
    variables are compromised.
  • CVE-2011-2507
    Regular expression quoting issue in Synchronize code.
  • CVE-2011-2508
    Possible directory traversal in MIME-type transformation.
  • CVE-2011-2642
    Cross site scripting in table Print view when the attacker can
    create crafted table names.
  • No CVE name yet

Possible superglobal and local variables manipulation in
Swekey authentication. (PMASA-2011-12)

The oldstable distribution (lenny) is only affected by

CVE-2011-2642, which has been fixed in version 2.11.8.1-5+lenny9.

For the stable distribution (squeeze), these problems have been fixed
in version 3.3.7-6.

For the testing distribution (wheezy) and unstable distribution (sid),
these problems have been fixed in version 3.4.3.2-1.

We recommend that you upgrade your phpmyadmin packages.

Related

securityvulns 4
debian 1
nessus 8
openvas 18
seebug 5
packetstorm 3
freebsd 2
dsquare 1
exploitpack 2
exploitdb 2
checkpoint_advisories 2
debiancve 6
phpmyadmin 5
ubuntucve 6
cve 6
osv 2
prion 6
github 2
gentoo 1
threatpost 2
thn 2
fedora 2
securityvulns
securityvulns
[SECURITY] [DSA 2286-1] phpmyadmin security update
2011-08-01 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2011-07-13 00:00:00
phpMyAdmin 3.x Multiple Remote Code Executions
2011-07-13 00:00:00
debian
debian
[SECURITY] [DSA 2286-1] phpmyadmin security update
2011-07-26 19:11:55
nessus
nessus
Debian DSA-2286-1 : phpmyadmin - several vulnerabilities
2011-07-28 00:00:00
Fedora 14 : phpMyAdmin-3.4.3.1-1.fc14 (2011-9144)
2011-07-18 00:00:00
FreeBSD : phpmyadmin -- multiple vulnerabilities (7e4e5c53-a56c-11e0-b180-00216aa06fc2)
2011-07-05 00:00:00
openvas
openvas
FreeBSD Ports: phpmyadmin
2011-08-03 00:00:00
FreeBSD Ports: phpmyadmin
2011-08-03 00:00:00
Fedora Update for phpMyAdmin FEDORA-2011-9144
2011-07-18 00:00:00
seebug
seebug
phpMyAdmin 3.x 多个安全漏洞
2011-07-07 00:00:00
phpMyAdmin 3.x Multiple Remote Code Executions
2011-07-09 00:00:00
phpMyAdmin3 (pma3) Remote Code Execution Exploit
2011-07-10 00:00:00
packetstorm
packetstorm
phpMyAdmin 3.x Remote Code Execution
2011-07-08 00:00:00
phpMyAdmin3 Remote Code Execution
2011-07-09 00:00:00
phpMyAdmin 3.x Swekey Remote Code Injection
2011-07-09 00:00:00
freebsd
freebsd
phpmyadmin -- multiple vulnerabilities
2011-07-02 00:00:00
phpmyadmin -- multiple vulnerabilities
2011-07-23 00:00:00
dsquare
dsquare
Phpmyadmin 3.x RCE
2012-01-26 00:00:00
exploitpack
exploitpack
phpMyAdmin3 (pma3) - Remote Code Execution
2011-07-08 00:00:00
phpMyAdmin 3.x - Swekey Remote Code Injection
2011-07-09 00:00:00
exploitdb
exploitdb
phpMyAdmin3 (pma3) - Remote Code Execution
2011-07-08 00:00:00
phpMyAdmin 3.x - Swekey Remote Code Injection
2011-07-09 00:00:00
checkpoint_advisories
checkpoint_advisories
PhpMyAdmin Sweky Remote Code Injection Exploit (CVE-2011-2506)
2013-10-20 00:00:00
PhpMyAdmin Remote Variable Manipulation (CVE-2011-2505)
2013-10-20 00:00:00
debiancve
debiancve
CVE-2011-2508
2011-07-14 23:55:00
CVE-2011-2506
2011-07-14 23:55:00
CVE-2011-2507
2011-07-14 23:55:00
phpmyadmin
phpmyadmin
Possible code injection in setup script in case session variables are compromised.
2011-07-02 00:00:00
Possible directory traversal.
2011-07-02 00:00:00
Possible session manipulation in Swekey authentication.
2011-07-02 00:00:00
ubuntucve
ubuntucve
CVE-2011-2506
2011-07-14 00:00:00
CVE-2011-2508
2011-07-14 00:00:00
CVE-2011-2507
2011-07-14 00:00:00
cve
cve
CVE-2011-2506
2011-07-14 23:55:00
CVE-2011-2508
2011-07-14 23:55:00
CVE-2011-2507
2011-07-14 23:55:00
osv
osv
phpMyAdmin vulnerable to static code injection
2022-05-14 02:55:16
phpMyAdmin remote variable manipulation
2022-05-14 02:55:16
prion
prion
Directory traversal
2011-07-14 23:55:00
Code injection
2011-07-14 23:55:00
Code injection
2011-07-14 23:55:00
github
github
phpMyAdmin vulnerable to static code injection
2022-05-14 02:55:16
phpMyAdmin remote variable manipulation
2022-05-14 02:55:16
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2012-01-04 00:00:00
threatpost
threatpost
Attackers Reused Adobe Reader Exploit Code From 2009 In Extremely Targeted Hacks
2012-01-12 01:17:48
Call for Ban on Vulnerable PHP SuperGlobal Variables
2013-09-09 14:54:04
thn
thn
Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers
2013-09-09 17:45:00
Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers
2013-09-09 06:45:00
fedora
fedora
[SECURITY] Fedora 15 Update: phpMyAdmin-3.4.3.2-1.fc15
2011-08-05 03:52:20
[SECURITY] Fedora 14 Update: phpMyAdmin-3.4.3.2-1.fc14
2011-08-05 03:49:58

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.538 Medium

EPSS

Percentile

97.1%

JSON
Related for OSV:DSA-2286-1
securityvulns4debian1nessus8openvas18seebug5packetstorm3freebsd2dsquare1exploitpack2exploitdb2checkpoint_advisories2debiancve6phpmyadmin5ubuntucve6cve6osv2prion6github2gentoo1threatpost2thn2fedora2