
6026 matches found

Fedora
added 2009/04/15 6:0 p.m., 11 views

[SECURITY] Fedora 9 Update: phpMyAdmin-3.1.3.2-1.fc9

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...

1.7 AI score
Exploits 0

FreeBSD
added 2009/04/14 12:0 a.m., 25 views

phpmyadmin -- insufficient output sanitizing when generating configuration file

phpMyAdmin Team reports: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. This...

7.5 CVSS, 7.2 AI score, 0.36057 EPSS
Exploits 3, References 1

Tenable Nessus
added 2009/04/08 12:0 a.m., 11 views

phpMyAdmin < 3.1.3.1 'file_path' Parameter Multiple Vulnerabilities (PMASA-2009-1)

Binary data 4985.prm...

7.3 AI score
Exploits 0, References 1

Tenable Nessus
added 2009/04/03 12:0 a.m., 23 views

phpMyAdmin file_path Parameter Vulnerabilities (PMASA-2009-1)

The version of phpMyAdmin installed on the remote host fails to sanitize user-supplied input to the 'file_path' parameter of the 'bs_disp_as_mime_type.php' script before using it to read a file and reporting it in dynamically-generated HTML. An unauthenticated, remote attacker may be able to leverage...

5.8 AI score
Exploits 0, References 1

Tenable Nessus
added 2009/04/03 12:0 a.m., 43 views

openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-6133)

This update of phpMyAdmin fixes multiple vulnerabilities: - CVE-2009-1148: directory traversal - CVE-2009-1149: CRLF injection - CVE-2009-1150: cross-site scripting - CVE-2009-1151: static code injection %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks...

9.8 CVSS, 9.6 AI score, 0.93271 EPSS
Exploits 16, References 4

OpenVAS
added 2009/03/31 12:0 a.m., 38 views

Fedora Core 9 FEDORA-2009-2984 (phpMyAdmin)

The remote host is missing an update to phpMyAdmin announced via advisory FEDORA-2009-2984. OpenVAS Vulnerability Test $Id: fcore20092984.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-2984 phpMyAdmin Authors: Thomas Reinke Copyright: Copyright c...

7.5 CVSS, 0.93271 EPSS
Exploits 16, References 1

OpenVAS
added 2009/03/31 12:0 a.m., 28 views

Fedora Core 10 FEDORA-2009-3006 (phpMyAdmin)

The remote host is missing an update to phpMyAdmin announced via advisory FEDORA-2009-3006. OpenVAS Vulnerability Test $Id: fcore20093006.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-3006 phpMyAdmin Authors: Thomas Reinke Copyright: Copyright c...

7.5 CVSS, 9.5 AI score, 0.93271 EPSS
Exploits 16, References 1

OpenVAS
added 2009/03/31 12:0 a.m., 29 views

Fedora Core 9 FEDORA-2009-2984 (phpMyAdmin)

The remote host is missing an update to phpMyAdmin announced via advisory FEDORA-2009-2984. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...

9.8 CVSS, 9.6 AI score, 0.93271 EPSS
Exploits 16, References 7

OpenVAS
added 2009/03/31 12:0 a.m., 32 views

Fedora Core 10 FEDORA-2009-3006 (phpMyAdmin)

The remote host is missing an update to phpMyAdmin announced via advisory FEDORA-2009-3006. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...

9.8 CVSS, 9.6 AI score, 0.93271 EPSS
Exploits 16, References 7

Tenable Nessus
added 2009/03/27 12:0 a.m., 15 views

Fedora 9 : phpMyAdmin-3.1.3.1-1.fc9 (2009-2984)

Improvements for 3.1.3.1: - security HTTP Response Splitting and file inclusion vulnerabilities - security XSS vulnerability on export page - security Insufficient output sanitizing when generating configuration file Note that Tenable Network Security has extracted the preceding description block...

5.4 AI score
Exploits 0, References 2

Prion
added 2009/03/26 2:30 p.m., 15 views

CRLF injection

CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters...

7.5 CVSS, 7.4 AI score, 0.00715 EPSS
Exploits 0, References 5, Affected Software 1

NVD
added 2009/03/26 2:30 p.m., 14 views

CVE-2009-1151

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...

9.8 CVSS, 6.9 AI score, 0.93271 EPSS
Exploits 16, References 16

Prion
added 2009/03/26 2:30 p.m., 21 views

Directory traversal

Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable)...

5 CVSS, 7 AI score, 0.00596 EPSS
Exploits 0, References 5, Affected Software 1

OSV
added 2009/03/26 2:30 p.m., 3 views

CVE-2009-1149

CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters...

6.8 AI score
Exploits 0, References 6

Prion
added 2009/03/26 2:30 p.m., 22 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie...

4.3 CVSS, 5.9 AI score, 0.00749 EPSS
Exploits 0, References 11, Affected Software 1

UbuntuCve
added 2009/03/26 2:30 p.m., 24 views

CVE-2009-1148

Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable)...

5 CVSS, 6 AI score, 0.00596 EPSS
Exploits 0, References 1

OSV
added 2009/03/26 2:30 p.m., 2 views

DEBIAN-CVE-2009-1148

Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable)...

5 CVSS, 7 AI score, 0.00596 EPSS
Exploits 0, References 1

UbuntuCve
added 2009/03/26 2:30 p.m., 22 views

CVE-2009-1149

CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters...

7.5 CVSS, 6 AI score, 0.00715 EPSS
Exploits 0, References 1

OSV
added 2009/03/26 2:30 p.m., 4 views

CVE-2009-1148

Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable)...

6.8 AI score
Exploits 0, References 6

OSV
added 2009/03/26 2:30 p.m., 7 views

CVE-2009-1150

Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie...

8.1 AI score
Exploits 0, References 12