Fedora 8 : phpMyAdmin-2.11.5.1-1.fc8 (2008-2825)

This update addresses PMASA-2008-2 / CVE-2008-1567: phpMyAdmin upstream received an advisory from Jim Hermann: It saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host...

[SECURITY] Fedora 7 Update: phpMyAdmin-2.11.5.1-1.fc7

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats a nd ...

[SECURITY] Fedora 8 Update: phpMyAdmin-2.11.5.1-1.fc8

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats a nd ...

CVE-2008-1567

phpMyAdmin before 2.11.5.1 stores the MySQL 1 username and 2 password, and the 3 Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information...

Information disclosure

phpMyAdmin before 2.11.5.1 stores the MySQL 1 username and 2 password, and the 3 Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information...

CVE-2008-1567

phpMyAdmin before 2.11.5.1 stores the MySQL 1 username and 2 password, and the 3 Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information...

DEBIAN-CVE-2008-1567

phpMyAdmin before 2.11.5.1 stores the MySQL 1 username and 2 password, and the 3 Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information...

CVE-2008-1567

phpMyAdmin before 2.11.5.1 stores the MySQL 1 username and 2 password, and the 3 Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information...

CVE-2008-1567

CVE-2008-1567 affects phpMyAdmin; version prior to 2.11.5.1 stores the MySQL username, password, and the Blowfish secret key in cleartext in a Session file under /tmp, enabling local users to obtain sensitive information. Connected advisories show patches upgrading to phpMyAdmin 2.11.9.4 (e.g., o...

CVE-2008-1567

phpMyAdmin before 2.11.5.1 stores the MySQL 1 username and 2 password, and the 3 Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information...

CVE-2008-1567

phpMyAdmin before 2.11.5.1 stores the MySQL 1 username and 2 password, and the 3 Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information...

phpmyadmin -- Username/Password Session File Information Disclosure

A phpMyAdmin security announcement report: phpMyAdmin saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host...

PT-2008-3126 · Mysql Server · Phpmyadmin

Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions prior to 2.11.5.1 Description: The issue allows local users to obtain sensitive information, including the MySQL username, password, and the Blowfish secret key, which are stored in cleartext in a Session file under /tmp...

Credentials disclosure on shared hosts via session data

PMASA-2008-2 Announcement-ID: PMASA-2008-2 Date: 2008-03-29 Summary Credentials disclosure on shared hosts via session data Description We received an advisory from Jim Hermann, and we wish to thank him for his work. phpMyAdmin saves sensitive information like the MySQL username and password and...

openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-5084)

This update of phpMyAdmin fixes a cross-site-scripting vulnerability. CVE-2007-6100,CVE-2007-5589 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update phpMyAdmin-5084. The text description of this...

openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-5083)

This update of phpMyAdmin fixes a cross-site-scripting vulnerability. CVE-2007-6100,CVE-2007-5589 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update phpMyAdmin-5083. The text description of this...

GLSA-200803-15 : phpMyAdmin: SQL injection vulnerability

The remote host is affected by the vulnerability described in GLSA-200803-15 phpMyAdmin: SQL injection vulnerability Richard Cunningham reported that phpMyAdmin uses the $REQUEST variable of $GET and $POST as a source for its parameters. Impact : An attacker could entice a user to visit a malicio...

[ GLSA 200803-15 ] phpMyAdmin: SQL injection vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...

phpMyAdmin: SQL injection vulnerability

Background phpMyAdmin is a free web-based database administration tool. Description Richard Cunningham reported that phpMyAdmin uses the $REQUEST variable of $GET and $POST as a source for its parameters. Impact An attacker could entice a user to visit a malicious web application that sets an...

Fedora 7 : phpMyAdmin-2.11.5-1.fc7 (2008-2229)

This is a bugfix-only version containing a security fix: Remove cookies from $REQUEST for better coexistence with other applications, thanks to Richard Cunningham. See PMASA-2008-1. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...