phpMyAdmin 3.3.x & 3.4.x - Local File Inclusion via XXE Injection

No description provided by source. Exploit Title: poc-phpmyadmin-local-file-inclusion-via-xxe-injection Date: 12-01-2012 Author: Marco Batista Blog Link: http://www.secforce.com/blog/2012/01/cve-2011-4107-poc-phpmyadmin-local-file-inclusion-via-xxe-injection/ Tested on: Windows and Linux -...

openSUSE Security Update : phpMyAdmin (openSUSE-2011-14)

update to 3.4.7.1 fix for bnc728243 - security Fixed possible local file inclusion in XML import CVE-2011-4107, see PMASA-2011-17 http://www.phpmyadmin.net/homepage/security/PMASA-2011- 17.php %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

phpMyAdmin simplexml_load_string() Function Information Disclosure (PMASA-2011-17)

According to its self-identified version number, the phpMyAdmin install hosted on the remote web server is affected by an information disclosure vulnerability. The vulnerability, which is in the simplexmlloadstring function in the XML import plug-in libraries/import/xml.php in phpMyAdmin 3.3.x...

FreeBSD Ports: phpMyAdmin

The remote host is missing an update to the system as announced in the referenced advisory. VID 1f6ee708-0d22-11e1-b5bd-14dae938ec40 OpenVAS Vulnerability Test $ Description: Auto generated from VID 1f6ee708-0d22-11e1-b5bd-14dae938ec40 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

FreeBSD Ports: phpMyAdmin

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

phpMyAdmin 3.3.X and 3.4.X - Local File Inclusion via XXE Injection

No description provided by source. Exploit Title: poc-phpmyadmin-local-file-inclusion-via-xxe-injection Date: 12-01-2012 Author: Marco Batista Blog Link: http://www.secforce.com/blog/2012/01/cve-2011-4107-poc-phpmyadmin-local-file-inclusion-via-xxe-injection/ Tested on: Windows and Linux -...

phpMyAdmin 3.3.X and 3.4.X - Local File Inclusion via XXE Injection

Exploit for php platform in category web applications Exploit Title: poc-phpmyadmin-local-file-inclusion-via-xxe-injection Date: 12-01-2012 Author: Marco Batista Blog Link: http://www.secforce.com/blog/2012/01/cve-2011-4107-poc-phpmyadmin-local-file-inclusion-via-xxe-injection/ Tested on: Windows...

phpMyAdmin 3.3.x3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit)

phpMyAdmin 3.3.x3.4.x - Local File Inclusion via XML External Entity Injection Metasploit Exploit Title: poc-phpmyadmin-local-file-inclusion-via-xxe-injection Date: 12-01-2012 Author: Marco Batista Blog Link:...

phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit)

Exploit Title: poc-phpmyadmin-local-file-inclusion-via-xxe-injection Date: 12-01-2012 Author: Marco Batista Blog Link: http://www.secforce.com/blog/2012/01/cve-2011-4107-poc-phpmyadmin-local-file-inclusion-via-xxe-injection/ Tested on: Windows and Linux - phpmyadmin versions: 3.3.6, 3.3.10, 3.4.0...

Mandriva Update for phpmyadmin MDVSA-2011:198 (phpmyadmin)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for phpMyAdmin FEDORA-2011-15831

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for phpMyAdmin FEDORA-2011-15846

Check for the Version of phpMyAdmin OpenVAS Vulnerability Test Fedora Update for phpMyAdmin FEDORA-2011-15846 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

Fedora 14 : phpMyAdmin-3.4.7.1-1.fc14 (2011-15831)

Changes for 3.4.7.1 2011-11-10 : - security Fixed possible local file inclusion in XML import CVE-2011-4107 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as mu...

Fedora 16 : phpMyAdmin-3.4.7.1-1.fc16 (2011-15841)

Changes for 3.4.7.1 2011-11-10 : - security Fixed possible local file inclusion in XML import CVE-2011-4107 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as mu...

CVE-2011-4107

The simplexmlloadstring function in the XML import plug-in libraries/import/xml.php in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity XXE injection...

CVE-2011-4107

CVE-2011-4107 affects phpMyAdmin 3.3.x (before 3.3.10.5) and 3.4.x (before 3.4.7.1). The vulnerability resides in the XML import plug‑in (libraries/import/xml.php) where simplexml_load_string can process XML data containing external entity references, enabling a remote authenticated user to read ...

Local file inclusion.

PMASA-2011-17 Announcement-ID: PMASA-2011-17 Date: 2011-11-10 Summary Local file inclusion. Description Importing a specially-crafted XML file which contains an XML entity injection permits to retrieve a local file limited by the privileges of the user running the web server. Severity We consider...