Gentoo Security Advisory GLSA 200402-05 (phpmyadmin)

The remote host is missing updates announced in advisory GLSA 200402-05. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 200407-22 (dev-db/phpmyadmin)

The remote host is missing updates announced in advisory GLSA 200407-22. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200410-14 (phpMyAdmin)

The remote host is missing updates announced in advisory GLSA 200410-14. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

phpmyadmin -- Cross-Site Scripting Vulnerability

Secunia reports: An error exists in the "PMAescapeJsString" function in libraries/jsescape.lib.php, which can be exploited to bypass certain filters and execute arbitrary HTML and script code in a user's browser session in context of an affected site when e.g. Microsoft Internet Explorer is used...

Debian DSA-1641-1 : phpmyadmin - several vulnerabilities

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administrate MySQL databases over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-4096 Remote authenticated users could execute arbitrary code on the host running...

FreeBSD : phpmyadmin -- XSS Vulnerability (150e4548-8950-11dd-a6fe-0030843d3802)

Secunia reports : An error exists in the 'PMAescapeJsString' function in libraries/jsescape.lib.php, which can be exploited to bypass certain filters and execute arbitrary HTML and script code in a user's browser session in context of an affected site when e.g. Microsoft Internet Explorer is used...

XSS for Microsoft Internet Explorer on several places

PMASA-2008-8 Announcement-ID: PMASA-2008-8 Date: 2008-09-23 Updated: 2008-10-01 Summary XSS for Microsoft Internet Explorer on several places Description We received an advisory from Masako Oono of NetAgent Co.,Ltd. via JPCERT/CC Vulnerability Handling Team and we wish to thank them for their wor...

[SECURITY] [DSA 1641-1] New phpmyadmin packages fix several issues

------------------------------------------------------------------------ Debian Security Advisory DSA-1641-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 20, 2008 http://www.debian.org/security/faq -...

phpMyAdmin sort_by parameter remote code execution vulnerability-vulnerability warning-the black bar safety net

Release date: 2008-09-15 Update date: 2008-09-17 Affected system: phpMyAdmin phpMyAdmin 2.11.9.1 Not affected system: phpMyAdmin phpMyAdmin 2.11.9.1 Description: BUGTRAQ ID: 3 1 1 8 8 phpMyAdmin is PHP written tool used by the WEB Management of MySQL. phpMyAdmin serverdatabases. the php script is...

DSA-1641-1 phpmyadmin - several issues

Bulletin has no description...

CVE-2008-4096

libraries/databaseinterface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with a sortby parameter containing PHP sequences, which are processed by createfunction...

DEBIAN-CVE-2008-4096

libraries/databaseinterface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with a sortby parameter containing PHP sequences, which are processed by createfunction...

CVE-2008-4096

libraries/databaseinterface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with a sortby parameter containing PHP sequences, which are processed by createfunction...

CVE-2008-4096

libraries/databaseinterface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with a sortby parameter containing PHP sequences, which are processed by createfunction...

Design/Logic Flaw

libraries/databaseinterface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with a sortby parameter containing PHP sequences, which are processed by createfunction...

phpMyAdmin sort_by参数远程代码执行漏洞

BUGTRAQ ID: 31188 phpMyAdmin是用PHP编写的工具，用于通过WEB管理MySQL。 phpMyAdmin的serverdatabases.php脚本没有正确地过滤对sortby参数的输入，远程攻击者可以通过提交恶意请求注入并执行任意PHP代码。 phpMyAdmin 2.11.9.1 phpMyAdmin ---------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://cache.gmane.org//gmane/comp/security/oss/general/947-001.bin...

CVE-2008-4096

libraries/databaseinterface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with a sortby parameter containing PHP sequences, which are processed by createfunction...

CVE-2008-4096

CVE-2008-4096 affects phpMyAdmin; vulnerable component is libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1, where a remote authenticated user can cause arbitrary code execution via a request to server_databases.php with a sort_by parameter that contains PHP sequences processed b...

CVE-2008-4096

libraries/databaseinterface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with a sortby parameter containing PHP sequences, which are processed by createfunction...

FreeBSD : phpmyadmin -- Code execution vulnerability (74bf1594-8493-11dd-bb64-0030843d3802)

A phpMyAdmin security announcement : The serverdatabases.php script was vulnerable to an attack coming from a user who is already logged-on to phpMyAdmin, where he can execute shell code if the PHP configuration permits commands like exec. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...