6027 matches found
Fedora 8 : phpMyAdmin-2.11.5-1.fc8 (2008-2189)
This is a bugfix-only version containing a security fix: Remove cookies from $_REQUEST for better coexistence with other applications, thanks to Richard Cunningham. See PMASA-2008-1. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
FreeBSD : phpmyadmin -- SQL injection vulnerability (ce2f2ade-e7df-11dc-a701-000bcdc1757a)
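A phpMyAdmin security announcement report: phpMyAdmin used the $_REQUEST superglobal as a source for its parameters, instead of $_GET and $_POST. This means that on most servers, a cookie with the same name as one of phpMyAdmin's parameters can interfere. Another application could set a cookie for...
phpMyAdmin $_REQUEST parameter SQL injection vulnerability
BUGTRAQ ID: 28068 phpMyAdmin is a tool written in PHP for administering MySQL over the web. phpMyAdmin uses $_REQUEST rather than the $_GET and $_POST variables as the source of its parameters, and uses the parameters in SQL queries without filtering; if a user is tricked into visiting a malicious website, this can lead to an SQL injection attack. phpMyAdmin phpMyAdmin 2.11.5 Vendor patch: phpMyAdmin ---------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage:...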
Cross site request forgery (csrf)
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies...
CVE-2008-1149
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies...
CVE-2008-1149
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies...
DEBIAN-CVE-2008-1149
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies...
CVE-2008-1149
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies...
CVE-2008-1149
CVE-2008-1149 affects phpMyAdmin prior to 2.11.5, where code reads parameters from $_REQUEST (instead of $_GET/$_POST), enabling attackers in the same domain to override variables and perform SQL injection and CSRF via crafted cookies. The connected documents indicate this was addressed in later ...
CVE-2008-1149
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies...
CVE-2008-1149
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies...
[SECURITY] Fedora 7 Update: phpMyAdmin-2.11.5-1.fc7
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...
[SECURITY] Fedora 8 Update: phpMyAdmin-2.11.5-1.fc8
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...
phpMyAdmin < 2.11.5 SQLi
Binary data 4407.prm...
phpmyadmin -- SQL injection vulnerability
A phpMyAdmin security announcement report: phpMyAdmin used the $_REQUEST superglobal as a source for its parameters, instead of $_GET and $_POST. This means that on most servers, a cookie with the same name as one of phpMyAdmin's parameters can interfere. Another application could set a cookie for t...
SQL injection vulnerability (Delayed Cross Site Request Forgery)
PMASA-2008-1 Announcement-ID: PMASA-2008-1 Date: 2008-03-01 Updated: 2008-03-03 Summary: SQL injection vulnerability (Delayed Cross Site Request Forgery) Description: We received an advisory from Richard Cunningham, and we wish to thank him for his work. phpMyAdmin used the $_REQUEST superglobal as a...
Debian Security Advisory DSA 1403-1 (phpmyadmin)
The remote host is missing an update to phpmyadmin announced via advisory DSA 1403-1. OpenVAS Vulnerability Test $Id: deb14031.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1403-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian Security Advisory DSA 1370-1 (phpmyadmin)
The remote host is missing an update to phpmyadmin announced via advisory DSA 1370-1. OpenVAS Vulnerability Test $Id: deb13701.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1370-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian Security Advisory DSA 880-1 (phpmyadmin)
The remote host is missing an update to phpmyadmin announced via advisory DSA 880-1. Several cross-site scripting vulnerabilities have been discovered in phpmyadmin, a set of PHP-scripts to administrate MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies the following...
Debian Security Advisory DSA 1207-1 (phpmyadmin)
The remote host is missing an update to phpmyadmin announced via advisory DSA 1207-1. Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3621...