6027 matches found
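phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities
BUGTRAQ ID: 30420 CNCAN ID: CNCAN-2008073002 phpMyAdmin is a PHP-based application for administering MySQL. phpMyAdmin does not properly filter user-supplied parameters; remote attackers can exploit the vulnerabilities to conduct cross-site scripting attacks and obtain sensitive information. - phpMyAdmin allows its frames to be displayed inside other pages, which can lead to phishing attacks. - setup.php has a cross-site scripting vulnerability, which can lead to the config/config.inc.php file being overwritten. phpMyAdmin phpMyAdmin 2.11.7 phpMyAdmin phpMyAdmin 2.11.5 1 phpMyAdmin phpMyAdmin 2.11.4...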
Cross-site Framing; XSS in setup.php
PMASA-2008-6 Announcement-ID: PMASA-2008-6 Date: 2008-07-28 Summary Cross-site Framing; XSS in setup.php Description We received two advisories from Aung Khant YGN Ethical Hacker Group, and we wish to thank him for his work. It was permitted to display phpMyAdmin's frames inside another page,...
FreeBSD : phpmyadmin -- cross site request forgery vulnerabilities (35e54755-54e4-11dd-ad8b-0030843d3802)
A phpMyAdmin security announcement: A logged-in user, if abused into clicking a crafted link or loading an attack page, would create a database he did not intend to, or would change his connection character set. (C) Tenable Network Security, Inc. The descriptive text and packag...
Fedora 8 : phpMyAdmin-2.11.7.1-1.fc8 (2008-6450)
"This update solves a not yet clearly documented security issue with phpMyAdmin. - interface New field cannot be auto-increment and primary key - dbi Incorrect interpretation for some mysqli field flags - display part 1: do not display a TEXT utf8bin as BLOB fixed for mysqli extension only -...
Fedora 9 : phpMyAdmin-2.11.7.1-1.fc9 (2008-6502)
"This update solves a not yet clearly documented security issue with phpMyAdmin. - interface New field cannot be auto-increment and primary key - dbi Incorrect interpretation for some mysqli field flags - display part 1: do not display a TEXT utf8bin as BLOB fixed for mysqli extension only -...
[SECURITY] Fedora 8 Update: phpMyAdmin-2.11.7.1-1.fc8
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...
[SECURITY] Fedora 9 Update: phpMyAdmin-2.11.7.1-1.fc9
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...
CVE-2008-3197
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related...
CVE-2008-3197
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related...
DEBIAN-CVE-2008-3197
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related...
CVE-2008-3197
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related...
CVE-2008-3197
CVE-2008-3197 affects phpMyAdmin prior to 2.11.7.1, introducing a cross-site request forgery (CSRF) that enables unauthorized actions via links or image tags. The CSRF targets (1) the db parameter in the “Creating a Database” function (db_create.php) and (2) convcharset and collation_connection r...
CVE-2008-3197
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related...
CVE-2008-3197
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related...
phpmyadmin -- cross site request forgery vulnerabilities
A phpMyAdmin security announcement: A logged-in user, if abused into clicking a crafted link or loading an attack page, would create a database he did not intend to, or would change his connection character set...
XSRF/CSRF for creating a database and modifying user charset
PMASA-2008-5 Announcement-ID: PMASA-2008-5 Date: 2008-07-15 Updated: 2008-07-16 Summary XSRF/CSRF for creating a database and modifying user charset Description We received an advisory from Aung Khant YGN Ethical Hacker Group, and we wish to thank him for his work. A logged-in user, if abused int...
CVE-2008-3032
Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-3032
Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...