6026 matches found
Possible directory traversal.
PMASA-2011-8 Announcement-ID: PMASA-2011-8 Date: 2011-07-02 Summary Possible directory traversal. Description Fixed filtering of a file path in the MIME-type transformation code, which allowed for directory traversal. Severity We consider this vulnerability to be serious. Affected Versions The...
Regular expression quoting issue in Synchronize code.
PMASA-2011-7 Announcement-ID: PMASA-2011-7 Date: 2011-07-02 Updated: 2011-07-04 Summary Regular expression quoting issue in Synchronize code. Description Through a possible bug in PHP, a null byte can truncate the pattern string allowing an attacker to inject the /e modifier causing the pregrepla...
phpmyadmin -- multiple vulnerabilities
The phpMyAdmin development team reports: It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks. An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can...
Possible code injection in setup script in case session variables are compromised.
PMASA-2011-6 Announcement-ID: PMASA-2011-6 Date: 2011-07-02 Summary Possible code injection in setup script in case session variables are compromised. Description An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can modify this key by modifyin...
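phpMyAdmin '$_SESSION' Array Unauthorized Access Vulnerability
Bugtraq ID: 48480 phpMyAdmin is a PHP-based MySQL administration program. phpMyAdmin has multiple security vulnerabilities: 1. Arbitrary variables in the $_SESSION superglobal array can be overwritten or created with arbitrary values. 2. A misconfiguration in phpMyAdmin allows the contents of the $_SESSION array to be written to a .php file; combined with vulnerability 1, this may allow arbitrary code execution. 3. Post-authentication, contents of the $_SESSION array that are used as function input can execute PHP code. phpMyAdmin 3.4.0 Vendor solution: No detailed solution is currently available: http://www.phpmyadmin.net/...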
Fedora Update for phpMyAdmin FEDORA-2011-7703
The remote host is missing an update for the...
Fedora Update for phpMyAdmin FEDORA-2011-7702
Check for the Version of phpMyAdmin OpenVAS Vulnerability Test Fedora Update for phpMyAdmin FEDORA-2011-7702 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
Fedora Update for phpMyAdmin FEDORA-2011-7702
The remote host is missing an update for the...
Fedora Update for phpMyAdmin FEDORA-2011-7703
Check for the Version of phpMyAdmin OpenVAS Vulnerability Test Fedora Update for phpMyAdmin FEDORA-2011-7703 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
[SECURITY] Fedora 13 Update: phpMyAdmin-3.4.1-1.fc13
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, indexes, users, permissions, while you still have the ability to directly...
[SECURITY] Fedora 14 Update: phpMyAdmin-3.4.1-1.fc14
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, indexes, users, permissions, while you still have the ability to directly...
Fedora 14 : phpMyAdmin-3.4.1-1.fc14 (2011-7702)
Welcome to phpMyAdmin 3.4, presenting a new default theme. This release contains new features, especially : - User preferences - Relation schema export to multiple formats - ENUM/SET editor - Simplified interface for export/import - AJAXification of some parts - Charts - Visual query builder and...
phpMyAdmin < 3.3.10.1 / 3.4.1 Multiple Vulnerabilities (PMASA-2011-03 - PMASA-2011-04)
The remote host contains a version of phpMyAdmin - 3.3.x less than 3.3.10.1 or 3.4.x less than 3.4.1 - that is affected by multiple vulnerabilities: - The scripts 'tbllinks.php' and 'tbl-tracking' fail to filter input to the 'table' and 'db' parameters. An attacker may be able to exploit this iss...
Fedora 13 : phpMyAdmin-3.4.1-1.fc13 (2011-7703)
Welcome to phpMyAdmin 3.4, presenting a new default theme. This release contains new features, especially : - User preferences - Relation schema export to multiple formats - ENUM/SET editor - Simplified interface for export/import - AJAXification of some parts - Charts - Visual query builder and...
Fedora 15 : phpMyAdmin-3.4.1-1.fc15 (2011-7684)
Welcome to phpMyAdmin 3.4, presenting a new default theme. This release contains new features, especially : - User preferences - Relation schema export to multiple formats - ENUM/SET editor - Simplified interface for export/import - AJAXification of some parts - Charts - Visual query builder and...
[SECURITY] Fedora 15 Update: phpMyAdmin-3.4.1-1.fc15
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, indexes, users, permissions, while you still have the ability to directly...
phpMyAdmin url.php Redirect (PMASA-2011-4)
The version of phpMyAdmin on the remote host fails to validate input passed to the 'url' parameter in the 'url.php' script before redirecting to a specified location. An attacker may be able to exploit this issue to conduct phishing attacks by tricking users into visiting malicious websites...
Cross-Site Scripting and Open Redirection vulnerability in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to Cross-Site Scripting and Open Redirection. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.10.3 and below Vulnerability Type:...
URL redirection to untrusted site.
PMASA-2011-4 Announcement-ID: PMASA-2011-4 Date: 2011-05-22 Summary URL redirection to untrusted site. Description It was possible to redirect to an arbitrary, untrusted site, leading to a possible phishing attack. Severity We consider this vulnerability to be serious. Affected Versions The 3.4.0...
XSS vulnerability on Tracking page.
PMASA-2011-3 Announcement-ID: PMASA-2011-3 Date: 2011-05-22 Summary XSS vulnerability on Tracking page. Description It was possible to create a crafted table name that leads to XSS. Severity We consider this vulnerability to be serious. Mitigation factor This vulnerability works in the context of...