16 matches found
PhpMyAdmin Sweky Remote Code Injection Exploit (CVE-2011-2506)
A Code Injection vulnerability has been reported in PhpMyAdmin...
Gentoo Security Advisory GLSA 201201-01 (phpMyAdmin)
The remote host is missing updates announced in advisory GLSA 201201-01. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Mandriva Update for phpmyadmin MDVSA-2011:124 (phpmyadmin)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
[SECURITY] [DSA 2286-1] phpmyadmin security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2286-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst July 26, 2011 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2286-1] phpmyadmin security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2286-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst July 26, 2011 http://www.debian.org/security/faq -...
Fedora Update for phpMyAdmin FEDORA-2011-9144
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2011-2506
CVE-2011-2506 affects phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1. Root cause: setup/lib/ConfigGenerator.class.php does not properly restrict closing comment delimiters, enabling remote attackers to perform static code injection by manipulating the SESSION superglobal. Impact: remote ...
phpMyAdmin 3.x - Swekey Remote Code Injection
':'';? . , \ . . ,/ , / , \ \ // / / / \ | | \ / | |\ /| | | | | | | | / | | | | / | | | || | | | | | \ \ | | | || | \ \ | | | | | | | | | | | | / / | | | | | | | | | | | | | | | |// || || | |// || || ||| | || ||| || | ||...
phpMyAdmin 3.x Swekey Remote Code Injection Exploit
Exploit for php platform in category web applications ':'';? . , \ . . ,/ , / , \ \ // / / / \ | | \ / | |\ /| | | | | | | | / | | | | / | | | || | | | | | \ \ | | | || | \ \ | | | | | | | | | | | | / / | | | | | | | | | | | | | | | |// || || | |// || || ||| | || ||| || | ||...
phpMyAdmin3 Remote Code Execution
!/usr/bin/env python coding=utf-8 pma3 - phpMyAdmin3 remote code execute exploit Author: wofeiwo Thx Superhei Tested on: 3.1.1, 3.2.1, 3.4.3 CVE: CVE-2011-2505, CVE-2011-2506 Date: 2011-07-08 Have fun, DO NOT USE IT TO DO BAD THING. Requirements: 1. "config" directory must created&writeable in pm...
phpMyAdmin 3.x Multiple Remote Code Executions
No description provided by source. File: libraries/auth/swekey/swekey.auth.lib.php Lines: 266-276 Patched in: 3.3.10.2 and 3.4.3.1 Type: Variable Manipulation Assigned CVE id: CVE-2011-2505 PMA Announcement-ID: PMASA-2011-5 266 if strstr$SERVER'QUERYSTRING','sessiontounset' != false 267 268...
phpMyAdmin 3.x Swekey Remote Code Injection Exploit
No description provided by source. ?php / Exploit Title: phpMyAdmin 3.x Swekey Remote Code Injection Exploit Date: 2011-07-09 Author: Mango of ha.xxor.se Version: phpMyAdmin 3.3.10.2 || phpMyAdmin 3.4.3.1 CVE : CVE-2011-2505, CVE-2011-2506 Advisory:...
phpMyAdmin3 (pma3) - Remote Code Execution
phpMyAdmin3 pma3 - Remote Code Execution !/usr/bin/env python coding=utf-8 pma3 - phpMyAdmin3 remote code execute exploit Author: wofeiwo Thx Superhei Tested on: 3.1.1, 3.2.1, 3.4.3 CVE: CVE-2011-2505, CVE-2011-2506 Date: 2011-07-08 Have fun, DO NOT USE IT TO DO BAD THING. Requirements: 1. "confi...
phpMyAdmin3 (pma3) - Remote Code Execution
!/usr/bin/env python coding=utf-8 pma3 - phpMyAdmin3 remote code execute exploit Author: wofeiwo Thx Superhei Tested on: 3.1.1, 3.2.1, 3.4.3 CVE: CVE-2011-2505, CVE-2011-2506 Date: 2011-07-08 Have fun, DO NOT USE IT TO DO BAD THING. Requirements: 1. "config" directory must created&writeable in pm...
phpMyAdmin 3.x Remote Code Execution
phpMyAdmin 3.x Multiple Remote Code Executions This post details a few interesting vulnerabilities I found while relaxing and reading the sourcecode of phpMyAdmin. My original advisory can be found here. If you would like me to audit your PHP project, check out Xxor's PHP code auditing service. T...
Possible code injection in setup script in case session variables are compromised.
PMASA-2011-6 Announcement-ID: PMASA-2011-6 Date: 2011-07-02 Summary Possible code injection in setup script in case session variables are compromised. Description An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can modify this key by modifyin...