Self-XSS due to unescaped HTML output in recent/favorite tables navigation.

PMASA-2014-2 Announcement-ID: PMASA-2014-2 Date: 2014-06-20 Summary Self-XSS due to unescaped HTML output in recent/favorite tables navigation. Description When marking a crafted database or table name as favorite or having it in recent tables, it is possible to trigger an XSS. Severity We consid...

openSUSE Security Update : phpMyAdmin (openSUSE-SU-2012:1062-1)

phpMyAdmin was updated to 3.5.2.2 - fix for bnc776698, bnc776701 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-535. The text description of this plugin is C SUSE LLC...

openSUSE Security Update : phpMyAdmin (openSUSE-SU-2012:0494-1)

update to 3.4.10.2 - security Fixed local path disclosure vulnerability, see PMASA-2012-2 http://www.phpmyadmin.net/homepage/security/PMASA-2012- 2.php %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...

openSUSE Security Update : phpMyAdmin (openSUSE-2012-135)

update to 3.4.10.1 fix for bnc747841 - security XSS in replication setup, see PMASA-2012-1 - 3.4.10.0 2012-02-14 - bug 3460090 interface TextareaAutoSelect feature broken - patch 3375984 export PHP Array export might generate invalid php code - bug 3049209 import Import from ODS ignores cell that...

openSUSE Security Update : phpMyAdmin (openSUSE-2011-14)

update to 3.4.7.1 fix for bnc728243 - security Fixed possible local file inclusion in XML import CVE-2011-4107, see PMASA-2011-17 http://www.phpmyadmin.net/homepage/security/PMASA-2011- 17.php %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

openSUSE Security Update : phpMyAdmin (openSUSE-2011-94)

update to 3.4.8 - bug 3425230 interface enum data split at space char more space to edit - bug 3426840 interface ENUM/SET editor can't handle commas in values - bug 3427256 interface no links to browse/empty views and tables - bug 3430377 interface Deleted search results remain visible - bug...

openSUSE Security Update : phpMyAdmin (openSUSE-2012-18)

update to 3.4.9 - bug 3442028 edit Inline editing enum fields with null shows no dropdown - bug 3442004 interface DB suggestion not correct for user with underscore - bug 3438420 core Magic quotes removed in PHP 5.4 - bug 3398788 session No feedback when result is empty signon authtype - bug...

openSUSE Security Update : phpMyAdmin (openSUSE-SU-2013:1065-1)

This update of phpMyAdmin fixes several security issues. - update to 3.5.8.1 2013-04-24 - security Remote code execution pregreplace, reported by Janek Vind see PMASA-2013-2 - security Locally Saved SQL Dump File Multiple File Extension Remote Code Execution, reported by Janek Vind see PMASA-2013...

openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:0344-1)

phpMyAdmin was updated to 4.1.8 to fix bugs, security issues and also bring new features. Fixed security issue : - PMASA-2014-1 CVE-2014-1879, CWE-661 CWE-79 - update to 4.1.8 2014-02-22 - sf4276 Login loop on session expiry - sf4249 Incorrect number of result rows for SQL with subqueries - sf427...

openSUSE Security Update : phpMyAdmin (openSUSE-SU-2012:1507-1)

This update of phpMyAdmin is a version upgrade to 3.5.3.0 to fix multiple XSS flaws. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-790. The text description of this plugin is C...

openSUSE Security Update : phpMyAdmin (openSUSE-SU-2013:1343-1)

This version upgrade of phpMyAdmin fixed various security issues SQL injection, XSS, full path disclosure, Clickjacking %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-647. The...

[ MDVSA-2014:046 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:046 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : February 21, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered an...

PhpMyAdmin exploits concludes With Metasploit-vulnerability warning-the black bar safety net

A: affects versions: 3.5. x 3.5.8.1 and 4.0.0 4.0.0-rc3 Overview: PhpMyAdmin presence of a PREGREPLACEEVAL vulnerability Use module: exploit/multi/http/phpmyadminpregreplace CVE: CVE-2 0 1 3-3 2 3 8 II: effects version: phpMyAdmin v3. 5. 2. 2 Overview: PhpMyAdmin存在serversync.php Backdoor...

XAMPP跨站脚本和跨站请求伪造漏洞

Bugtraq ID:66680 XAMPP（Apache+MySQL+PHP+PERL）是一个建 XAMPP 软件站集成软件包。 XAMPP存在跨站脚本和跨站请求伪造漏洞，允许攻击者利用漏洞获取敏感信息，劫持用户会话或允许远程攻击者构建恶意URI，诱使用户解析，可以目标用户上下文执行恶意操作。 0 XAMPP & phpMyAdmin = 4.1.6 目前没有详细解决方案： http://www.apachefriends.org/en...

XAMPP 3.2.1 & phpMyAdmin 4.1.6 - Multiple Vulnerabilities (XSS & CSRF)

phpMyAdmin version 4.1.6 with XAMPP version 3.2.1 installed suffers from cross site request forgery and cross site scripting vulnerabilities. Title: XAMPP 3.2.1 & phpMyAdmin 4.1.6 "' in the url resulting in a reflected cross site scripting attack. The file...

XAMPP 3.2.1 phpMyAdmin 4.1.6 - Multiple Vulnerabilities

XAMPP 3.2.1 phpMyAdmin 4.1.6 - Multiple Vulnerabilities Title: XAMPP 3.2.1 & phpMyAdmin 4.1.6 = multiple vulnerabilities Date: 6/04/2014 Author: hackerDesk Software Link: http://www.apachefriends.org/en/xampp-windows.html Version: 3.2.1 & 4.1.6 Tested on: Windows 7 CVE : kuDos tO: Mayank...

XAMPP 3.2.1 & phpMyAdmin 4.1.6 - Multiple Vulnerabilities

Title: XAMPP 3.2.1 & phpMyAdmin 4.1.6 = multiple vulnerabilities Date: 6/04/2014 Author: hackerDesk Software Link: http://www.apachefriends.org/en/xampp-windows.html Version: 3.2.1 & 4.1.6 Tested on: Windows 7 CVE : kuDos tO: Mayank Kapoor@wHys0SerI0s Sujoy Chakravarti@sujoy3188, Gurjant Singh...

XAMPP 3.2.1 / phpMyAdmin 4.1.6 XSS / CSRF

Title: XAMPP 3.2.1 & phpMyAdmin 4.1.6 = multiple vulnerabilities Date: 6/04/2014 Author: Software Link: http://www.apachefriends.org/en/xampp-windows.html Version: 3.2.1 & 4.1.6 Tested on: Windows 7 CVE : ██░ ██ ▄▄▄ ▄████▄ ██ ▄█▀▓█████ ██▀███ ▓█████▄ ▓█████ ██████ ██ ▄█▀ ▓██░ ██▒▒████▄ ▒██▀ ▀█...

plexusCMS 0.5 - Cross-Site Scripting Remote Shell Credentials Leak

plexusCMS 0.5 - Cross-Site Scripting Remote Shell Credentials Leak Exploit Title: plexusCMS 0.5 XSS Remote Shell Exploit Google Dork: allinurl: plx-storage Date: 22.02.2013 Exploit Author: neglomaniac Vendor Homepage: http://plexus-cms.org/ Version: 0.5 --- FILES backdoor.php simple commend execu...

Web servers PHPMyAdmin Misconfiguration Code Injection

A code injection vulnerability has been reported in PHPMyAdmin. The vulnerability is due to PHPMyAdmin misconfiguration. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the target...