Debian: Security Advisory (DSA-2034-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

phpMyAdmin 'unserialize()' RCE Vulnerability

phpMyAdmin is prone to a vulnerability that lets attackers execute arbitrary code in the context of the webserver process. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Debian DSA-2034-1 : phpmyadmin - several vulnerabilities

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-7251 phpMyAdmin may create a temporary directory, if the configured directory does not exist yet, wi...

[SECURITY] [DSA 2034-1] New phpmyadmin packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-2034-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst April 17, 2010 http://www.debian.org/security/faq -...

DSA-2034-1 phpmyadmin - several vulnerabilities

Bulletin has no description...

phpMyAdmin <= 2.6.1 disclosure ways

=================================== phpMyAdmin = 2.6.1 disclosure ways =================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 0 ////// // // // // // 1 1 / Exploi...

[XSS] I found a xss in phpmyadmin 3.3.0 when we create new database in interface!

there is a xss in phpmyadmin 3.3.0 when we create new database in interface, the "newdb" parameter do not filter characters when users enter. attacker can enter malicious code, like "scriptalert/liscker/;/script". it also can be true in post and get. but in post, we can not encode xss code, or ,...

phpMyAdmin 'db_create.php' Cross Site Scripting Vulnerability

phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

phpmyadmin 3.3.0 Cross Site Scripting Vulnerability

Exploit for unknown platform in category web applications =================================================== phpmyadmin 3.3.0 Cross Site Scripting Vulnerability =================================================== there is a xss in phpmyadmin 3.3.0 when we create new database in interface, the...

phpMyAdmin 3.3.0 Cross Site Scripting

there is a xss in phpmyadmin 3.3.0 when we create new database in interface, the "newdb" parameter do not filter characters when users enter. attacker can enter malicious code, like "alert/liscker/;". it also can be true in post and get. but in post, we can not encode xss code, or , the xss will...

pMyAdmin 3.3.5.1 - 'db_create.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/38707/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context...

pMyAdmin 3.3.5.1 - db_create.php Cross-Site Scripting

pMyAdmin 3.3.5.1 - dbcreate.php Cross-Site Scripting source: https://www.securityfocus.com/bid/38707/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code ...

Mandriva Update for phpmyadmin MDVA-2010:075 (phpmyadmin)

Check for the Version of phpmyadmin OpenVAS Vulnerability Test Mandriva Update for phpmyadmin MDVA-2010:075 phpmyadmin Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

Mandriva Update for phpmyadmin MDVA-2010:075 (phpmyadmin)

Check for the Version of phpmyadmin OpenVAS Vulnerability Test Mandriva Update for phpmyadmin MDVA-2010:075 phpmyadmin Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

Debian DSA-1918-1 : phpmyadmin - several vulnerabilities

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3696 Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web...

phpMyAdmin setup.php unserialize() Arbitrary PHP Code Execution (PMASA-2010-3)

The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input before using it to generate a config file for the application. Submitting a specially crafted POST request can result in arbitrary PHP code injection. A remote...

phpMyAdmin unserialize()调用跨站请求伪造漏洞

BUGTRAQ ID: 37861 CVECAN ID: CVE-2009-4605 phpMyAdmin是用PHP编写的工具，用于通过WEB管理MySQL。 phpMyAdmin使用了传送给scripts/setup.php脚本的configuration和v0输入参数来调用unserialize函数，远程攻击者可以通过提交恶意请求执行跨站请求伪造攻击，以其他用户的权限执行任意指令。 phpMyAdmin 2.11.x 厂商补丁： phpMyAdmin ---------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

phpMyAdmin < 2.11.10 Multiple Vulnerabilities

Binary data 5304.prm...

Design/Logic Flaw

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors...

CVE-2008-7251

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors...