6017 matches found
DEBIAN-CVE-2008-3457
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify...
CVE-2008-3456
CVE-2008-3456 affects phpMyAdmin up to version 2.11.x prior to 2.11.8, where pages could be framed by remote domains, enabling cross-site framing that could facilitate spoofing/phishing. The root cause is insufficient framing protection. Upgrading to phpMyAdmin 2.11.8.x or later fixes the issue (...
CVE-2008-3457
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify...
CVE-2008-3456
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack...
CVE-2008-3456
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack...
CVE-2008-3457
CVE-2008-3457 is a user-assisted XSS in phpMyAdmin’s setup.php, exploitable only in rare scenarios where an attacker can modify config/config.inc.php. Multiple disclosures (Debian DSA-1641-1, OSV, OpenVAS entries) confirm the vulnerability in phpMyAdmin prior to 2.11.8. Remediation per sources is...
Fedora 8 : phpMyAdmin-2.11.8.1-1.fc8 (2008-6810)
This update solves PMASA-2008-6 phpMyAdmin security announcement from 2008-07-28: Cross-site Framing; XSS in setup.php; see http://www.phpmyadmin.net/homepage/security.php?issue=PMASA-2008-6 - interface Table list pagination in navi - profiling Profiling causes query to be executed again really...
Fedora 9 : phpMyAdmin-2.11.8.1-1.fc9 (2008-6868)
This update solves PMASA-2008-6 phpMyAdmin security announcement from 2008-07-28: Cross-site Framing; XSS in setup.php; see http://www.phpmyadmin.net/homepage/security.php?issue=PMASA-2008-6 - interface Table list pagination in navi - profiling Profiling causes query to be executed again really...
[SECURITY] Fedora 9 Update: phpMyAdmin-2.11.8.1-1.fc9
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...
[SECURITY] Fedora 8 Update: phpMyAdmin-2.11.8.1-1.fc8
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...
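phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities
BUGTRAQ ID: 30420 CNCAN ID: CNCAN-2008073002 phpMyAdmin is a PHP-based application for administering MySQL. phpMyAdmin does not properly filter user-supplied parameters, so remote attackers can exploit the vulnerabilities to conduct cross-site scripting attacks and obtain sensitive information. - phpMyAdmin allows its frames to be displayed inside other pages, which can lead to phishing attacks. - setup.php is vulnerable to cross-site scripting, which can lead to the config/config.inc.php file being overwritten. phpMyAdmin phpMyAdmin 2.11.7 phpMyAdmin phpMyAdmin 2.11.5 1 phpMyAdmin phpMyAdmin 2.11.4...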
Cross-site Framing; XSS in setup.php
Announcement-ID: PMASA-2008-6. Date: 2008-07-28. Summary: Cross-site Framing; XSS in setup.php. Description: We received two advisories from Aung Khant YGN Ethical Hacker Group, and we wish to thank him for his work. It was permitted to display phpMyAdmin's frames inside another page,...
FreeBSD : phpmyadmin -- cross site request forgery vulnerabilities (35e54755-54e4-11dd-ad8b-0030843d3802)
A phpMyAdmin security announcement : A logged-in user, if abused into clicking a crafted link or loading an attack page, would create a database he did not intend to, or would change his connection character set.
Fedora 8 : phpMyAdmin-2.11.7.1-1.fc8 (2008-6450)
"This update solves a not yet clearly documented security issue with phpMyAdmin. - interface New field cannot be auto-increment and primary key - dbi Incorrect interpretation for some mysqli field flags - display part 1: do not display a TEXT utf8bin as BLOB fixed for mysqli extension only -...
Fedora 9 : phpMyAdmin-2.11.7.1-1.fc9 (2008-6502)
"This update solves a not yet clearly documented security issue with phpMyAdmin. - interface New field cannot be auto-increment and primary key - dbi Incorrect interpretation for some mysqli field flags - display part 1: do not display a TEXT utf8bin as BLOB fixed for mysqli extension only -...
[SECURITY] Fedora 8 Update: phpMyAdmin-2.11.7.1-1.fc8
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...
[SECURITY] Fedora 9 Update: phpMyAdmin-2.11.7.1-1.fc9
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...
CVE-2008-3197
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (dbcreate.php), and (2) the convcharset and collationconnection parameters related...
CVE-2008-3197
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (dbcreate.php), and (2) the convcharset and collationconnection parameters related...
CVE-2008-3197
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (dbcreate.php), and (2) the convcharset and collationconnection parameters related...