18 matches found
phpMyAdmin Multiple Security Vulnerabilities (Apr 2013) - Linux
phpMyAdmin is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...
PhpMyAdmin preg_replace Function Code Injection - Ver2 (CVE-2013-3238)
A vulnerability has been reported in phpMyAdmin, a web-based administration console for MySQL servers. The vulnerability is due to an input validation error when handling queries of the types replaceprefixtbl or copytblchangeprefix to dbstructure.php. A remote, authenticated attacker could exploi...
phpMyAdmin 3.5.8 and 4.0.0-RC2 - Multiple Vulnerabilities
No description provided by source. waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind waraxe Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html...
phpMyAdmin Authenticated Remote Code Execution via preg_replace()
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
openSUSE Security Update : phpMyAdmin (openSUSE-SU-2013:1065-1)
This update of phpMyAdmin fixes several security issues. - update to 3.5.8.1 2013-04-24 - security Remote code execution pregreplace, reported by Janek Vind see PMASA-2013-2 - security Locally Saved SQL Dump File Multiple File Extension Remote Code Execution, reported by Janek Vind see PMASA-2013...
PhpMyAdmin exploits concludes With Metasploit-vulnerability warning-the black bar safety net
A: affects versions: 3.5. x 3.5.8.1 and 4.0.0 4.0.0-rc3 Overview: PhpMyAdmin presence of a PREGREPLACEEVAL vulnerability Use module: exploit/multi/http/phpmyadminpregreplace CVE: CVE-2 0 1 3-3 2 3 8 II: effects version: phpMyAdmin v3. 5. 2. 2 Overview: PhpMyAdmin存在serversync.php Backdoor...
phpMyAdmin preg_replace from_prefix sanitization vulnerability
Added: 05/20/2013 CVE: CVE-2013-3238 BID: 59460 OSVDB: 92793 Background phpMyAdmin is a free software tool, written in PHP, designed to handle the administration of MySQL over the Web. Problem phpMyAdmin before 3.5.8.1 is vulnerable to code injection as a result of failure to sanitize input passe...
Fedora Update for phpMyAdmin FEDORA-2013-7000
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for phpMyAdmin FEDORA-2013-6977
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scripttagname:"affected",...
[ MDVSA-2013:160 ] phpmyadmin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:160 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : May 3, 2013 Affected: Business Server 1.0 Problem Description: Updated phpmyadmin package fixes security vulnerabilities: In some...
[waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin
waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html Description of vulnerable software:...
Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2013:160)
Updated phpmyadmin package fixes security vulnerabilities : In some PHP versions, the pregreplace\ function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expression, containing a null byte. phpMyAdmin does not correctly...
phpMyAdmin - 'preg_replace' (Authenticated) Remote Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'phpMyAdmin Authenticated Remote Code...
phpMyAdmin Authenticated Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'phpMyAdmin Authenticated Remote Code...
phpMyAdmin Authenticated Remote Code Execution via preg_replace()
This module exploits a PREGREPLACEEVAL vulnerability in phpMyAdmin's replaceprefixtbl within libraries/multsubmits.inc.php via dbsettings.php This affects versions 3.5.x 5.4.6 are not vulnerable. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2013-3238
CVE-2013-3238 affects phpMyAdmin: versions 3.5.x before 3.5.8.1 and 4.x before 4.0.0-rc3 allow remote authenticated users to execute arbitrary PHP code via a /e\x00 sequence in the Replace table prefix flow, before a preg_replace call. Impact is arbitrary code execution in the HTTP server context...
CVE-2013-3238
creationtimestamp| type| source ---|---|--- 2013-04-25 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/25003 2013-05-01 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/25136 2018-05-29 15:50:33+00:00| seen|...
phpMyAdmin 3.5.8 / 4.0.0-RC2 Code Execution / LFI / Overwrite
waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html Description of vulnerable software:...