Lucene search
K

9 matches found

OpenVAS
OpenVAS
added 2010/05/04 12:0 a.m.26 views

Debian: Security Advisory (DSA-2034-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS6.5AI score0.02665EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2010/04/19 12:0 a.m.39 views

Debian DSA-2034-1 : phpmyadmin - several vulnerabilities

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-7251 phpMyAdmin may create a temporary directory, if the configured directory does not exist yet, wi...

10CVSS5AI score0.02665EPSS
Exploits2References7
Debian
Debian
added 2010/04/17 12:35 p.m.31 views

[SECURITY] [DSA 2034-1] New phpmyadmin packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-2034-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst April 17, 2010 http://www.debian.org/security/faq -...

10CVSS6.5AI score0.02665EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2010/01/27 12:0 a.m.56 views

phpMyAdmin setup.php unserialize() Arbitrary PHP Code Execution (PMASA-2010-3)

The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input before using it to generate a config file for the application. Submitting a specially crafted POST request can result in arbitrary PHP code injection. A remote...

5CVSS5.8AI score0.0236EPSS
Exploits1References2
seebug.org
seebug.org
added 2010/01/21 12:0 a.m.38 views

phpMyAdmin unserialize()调用跨站请求伪造漏洞

BUGTRAQ ID: 37861 CVECAN ID: CVE-2009-4605 phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。 phpMyAdmin使用了传送给scripts/setup.php脚本的configuration和v0输入参数来调用unserialize函数,远程攻击者可以通过提交恶意请求执行跨站请求伪造攻击,以其他用户的权限执行任意指令。 phpMyAdmin 2.11.x 厂商补丁: phpMyAdmin ---------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

5CVSS0.5AI score0.0236EPSS
Exploits1
CVE
CVE
added 2010/01/19 4:0 p.m.98 views

CVE-2009-4605

CVE-2009-4605 concerns phpMyAdmin 2.11.x up to 2.11.9/2.11.10 setup.php where untrusted data is fed into unserialize, enabling CSRF and, in some reports, remote code execution in the web-server context. The vulnerability affects the setup script that processes (1) configuration and (2) v[0] param...

5CVSS6.6AI score0.0236EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2010/01/19 4:0 p.m.37 views

CVE-2009-4605

scripts/setup.php aka the setup script in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the 1 configuration and 2 v0 parameters, which might allow remote attackers to conduct cross-site request forgery CSRF attacks via unspecified vectors...

6.4AI score0.0236EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2010/01/18 12:0 a.m.26 views

openSUSE Security Update : phpMyAdmin (phpMyAdmin-1801)

The use of unserialize on POST data which could have lead to remote code execution CVE-2009-4605 has been fixed as well as some minor temporary file issues CVE-2008-7251, CVE-2008-7252. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin wer...

10CVSS5.5AI score0.02665EPSS
Exploits2References4
phpMyAdmin
phpMyAdmin
added 2010/01/15 12:0 a.m.52 views

Unsafe usage of unserialize function.

PMASA-2010-3 Announcement-ID: PMASA-2010-3 Date: 2010-01-15 Updated: 2010-01-27 Summary Unsafe usage of unserialize function. Description phpMyAdmin used the unserialize PHP function on potentially unsafe data in setup script, what could be potentially used for XSRF attack, which can lead to code...

5CVSS5.8AI score0.0236EPSS
Exploits1Affected Software1
Rows per page
Query Builder