CVE-2011-2643

Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter...

CVE-2011-2642

Multiple cross-site scripting XSS vulnerabilities in the table Print view implementation in tblprintview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name...

CVE-2011-2718

Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to 1...

CVE-2011-2719

libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain...

PT-2011-4040 · Phpmyadmin · Phpmyadmin

Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 3.4.x through 3.4.3.1 Description: The issue allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field. This is related to the files...

PT-2011-4041 · Phpmyadmin · Phpmyadmin

Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 3.x prior to 3.3.10.3 phpMyAdmin versions 3.4.x prior to 3.4.3.2 Description: The issue is related to the management of sessions associated with Swekey authentication in the phpMyAdmin software. This allows remote attacker...

[SECURITY] [DSA 2286-1] phpmyadmin security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2286-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst July 26, 2011 http://www.debian.org/security/faq -...

phpMyAdmin 3.3.x < 3.3.10.3 / 3.4.x < 3.4.3.2 Multiple Vulnerabilities

Binary data 5995.prm...

Debian DSA-2286-1 : phpmyadmin - several vulnerabilities

Several vulnerabilities were discovered in phpMyAdmin, a tool to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-2505 Possible session manipulation in Swekey authentication. - CVE-2011-2506 Possible code injection in...

[SECURITY] [DSA 2286-1] phpmyadmin security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2286-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst July 26, 2011 http://www.debian.org/security/faq -...

phpMyAdmin 3.x Conditional Session Manipulation

No description provided by source. Application: phpMyAdmin 3.x Patched ver: 3.3.10.3 and 3.4.3.2 Severity: Low Exploitable: Remote PMASA ID: PMASA-2011-12 Description If the Swekey extention is activated a remote attacker can manipulate the variables in the the global namespace. Fix Upgrade to...

phpMyAdmin 3.x Conditional Session Manipulation

phpMyAdmin 3.x Conditional Session Manipulation Advisory from ???????????????????????????????????????????????.??? ??':????:'?????????????????????????????????????????::?????'??'.? ????'.??.'?????????????????????????????????????????????????????? ?????'..'???????..???..?????????:':??????????...

FreeBSD : phpmyadmin -- multiple vulnerabilities (d79fc873-b5f9-11e0-89b4-001ec9578670)

The phpMyAdmin development team reports : XSS in table Print view. Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a loc...

DSA-2286-1 phpymadmin - several

Bulletin has no description...

Several vulnerabilities in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting, Local File Inclusion, Code Execution and Session Manipulation. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version...

Possible superglobal and local variables manipulation in swekey authentication.

PMASA-2011-12 Announcement-ID: PMASA-2011-12 Date: 2011-07-23 Updated: 2011-07-25 Summary Possible superglobal and local variables manipulation in swekey authentication. Description It was possible to manipulate the PHP superglobals including SESSION using some of the Swekey authentication code...

Local file inclusion.

PMASA-2011-10 Announcement-ID: PMASA-2011-10 Date: 2011-07-23 Summary Local file inclusion. Description Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. Severity We consider this vulnerability to be serious. Mitigation factor The phpMyAdmin's...

Local file inclusion vulnerability and code execution.

PMASA-2011-11 Announcement-ID: PMASA-2011-11 Date: 2011-07-23 Summary Local file inclusion vulnerability and code execution. Description In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. Severity We consider this vulnerability to be...

XSS in table Print view.

PMASA-2011-9 Announcement-ID: PMASA-2011-9 Date: 2011-07-23 Summary XSS in table Print view. Description The attacker must trick the victim into clicking a link that reaches phpMyAdmin's table print view script; one of the link's parameters is a crafted table name the name containing Javascript...

phpmyadmin -- multiple vulnerabilities

The phpMyAdmin development team reports: XSS in table Print view. Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a loca...