FreeBSD : phpmyadmin -- Local file inclusion (1f6ee708-0d22-11e1-b5bd-14dae938ec40)

Jan Lieskovsky reports : Importing a specially crafted XML file which contains an XML entity injection permits to retrieve a local file limited by the privileges of the user running the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...

[SECURITY] Fedora 15 Update: phpMyAdmin-3.4.7-1.fc15

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index =3D es, users, permissions, while you still have the ability to...

[SECURITY] Fedora 16 Update: phpMyAdmin-3.4.7-1.fc16

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index =3D es, users, permissions, while you still have the ability to...

[SECURITY] Fedora 14 Update: phpMyAdmin-3.4.7-1.fc14

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index =3D es, users, permissions, while you still have the ability to...

phpMyAdmin simplexml_load_string()函数信息泄露漏洞

No description provided by source...

phpmyadmin -- Local file inclusion

Jan Lieskovsky reports: Importing a specially-crafted XML file which contains an XML entity injection permits to retrieve a local file limited by the privileges of the user running the web server...

Local file inclusion.

PMASA-2011-17 Announcement-ID: PMASA-2011-17 Date: 2011-11-10 Summary Local file inclusion. Description Importing a specially-crafted XML file which contains an XML entity injection permits to retrieve a local file limited by the privileges of the user running the web server. Severity We consider...

phpMyAdmin "simplexml_load_string()"函数信息泄露漏洞

BUGTRAQ ID: 50497 phpMyAdmin是一个用PHP编写的，可以通过web方式控制和操作MySQL数据库。 phpMyAdmin在simplexmlloadstring函数的实现上存在信息泄露漏洞，攻击者可利用此漏洞在服务器中读取任意文件。 phpMyAdmin 3.x phpMyAdmin 2.x 厂商补丁： phpMyAdmin ---------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.phpmyadmin.net/homepage/security/...

PhpMyadmin arbitrary file reading vulnerability-vulnerability warning-the black bar safety net

PhpMyadmin to achieve the wrong using the simplexmlloadstring function for parsing xml, but this function is in default and did not deal with external entities of safety, causing the user can by means of xml files to read and access the application has permission to access system and network...

MIT Server Tangled Up In Drive-by Download Campaign

A server at the Massachusetts Institute of Technology MIT was being used to serve up attacks in a coordinated drive-by download campaign, according to research done by anti-virus firm Bitdefender. According to a post on their Malware City blog, a server named CSH-2.MIT.EDU is hosting a script tha...

phpMyAdmin Arbitrary File Read

Hi 80sec report this bug on wooyun,PhpMyadmin use a simplexmlloadstring function to read xml from user input,this may be exploied to read files from the server or network in libraries/import/xml.php,some code like this / Load the XML string The option LIBXMLCOMPACT is specified because it can...

DEBIAN-CVE-2011-4064

Cross-site scripting XSS vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value...

CVE-2011-4064

Cross-site scripting XSS vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value...

Cross site scripting

Cross-site scripting XSS vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value...

CVE-2011-4064

Cross-site scripting XSS vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value...

CVE-2011-4064

CVE-2011-4064 is a cross-site scripting (XSS) vulnerability affecting phpMyAdmin in the Setup Interface for the 3.4.x line, with exploitation possible via a crafted value and impact limited to user-visible script/HTML injection. The vulnerability is tied to phpMyAdmin versions before 3.4.6 (3.4.x...

CVE-2011-4064

Cross-site scripting XSS vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value...

CVE-2011-4064

Cross-site scripting XSS vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value...

Mandriva Update for phpmyadmin MDVSA-2011:158 (phpmyadmin)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Mandriva Update for phpmyadmin MDVSA-2011:158 (phpmyadmin)

Check for the Version of phpmyadmin OpenVAS Vulnerability Test Mandriva Update for phpmyadmin MDVSA-2011:158 phpmyadmin Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...