FreeBSD : phpmyadmin -- XSS Vulnerabilities (e285a1f4-4568-11dd-ae96-0030843d3802)

Secunia report : Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be...

Cross Site Scripting vulnerability in extension phpmyadmin

It has been discovered that the extension phpmyadmin is susceptible to Cross Site Scripting XSS attacks. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 3.0.1 and all versions below Vulnerability Type: Cross Site...

Fedora 8 : phpMyAdmin-2.11.7-1.fc8 (2008-5640)

"This update solves PMASA-2008-4 phpMyAdmin security announcement from 2008-06-23: XSS on plausible insecure PHP installation; see http://www.phpmyadmin.net/homepage/security.php?issue=PMASA-2008-4 - interface New field cannot be auto-increment and primary key - dbi Incorrect interpretation for...

Fedora 9 : phpMyAdmin-2.11.7-1.fc9 (2008-5676)

"This update solves PMASA-2008-4 phpMyAdmin security announcement from 2008-06-23: XSS on plausible insecure PHP installation; see http://www.phpmyadmin.net/homepage/security.php?issue=PMASA-2008-4 - interface New field cannot be auto-increment and primary key - dbi Incorrect interpretation for...

[SECURITY] Fedora 9 Update: phpMyAdmin-2.11.7-1.fc9

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats a nd ...

[SECURITY] Fedora 8 Update: phpMyAdmin-2.11.7-1.fc8

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats a nd ...

phpmyadmin -- Cross Site Scripting Vulnerabilities

Secunia report: Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be...

GLSA-200805-02 : phpMyAdmin: Information disclosure

The remote host is affected by the vulnerability described in GLSA-200805-02 phpMyAdmin: Information disclosure Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Impact : A remote attacker with CREATE TABLE...

[ GLSA 200805-02 ] phpMyAdmin: Information disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200805-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...

phpMyAdmin: Information disclosure

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Impact A remote attack...

Debian Security Advisory DSA 1557-1 (phpmyadmin)

The remote host is missing an update to phpmyadmin announced via advisory DSA 1557-1. OpenVAS Vulnerability Test $Id: deb15571.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1557-1 phpmyadmin Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Debian: Security Advisory (DSA-1557-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-1557-1 : phpmyadmin - insufficient input sanitising

Several remote vulnerabilities have been discovered in phpMyAdmin, an application to administrate MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-1924 Attackers with CREATE table permissions were allowed to read arbitrary files...

FreeBSD : phpmyadmin -- Shared Host Information Disclosure (fe971a0f-1246-11dd-bab7-0016179b2dd5)

A phpMyAdmin security announcement report : It is possible to read the contents of any file that the web server's user can access. The exact mechanism to achieve this won't be disclosed. If a user can upload on the same host where phpMyAdmin is running a PHP script that can read files with the...

FreeBSD : phpmyadmin -- Username/Password Session File Information Disclosure (6eb1dc51-1244-11dd-bab7-0016179b2dd5)

A phpMyAdmin security announcement report : phpMyAdmin saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

[SECURITY] [DSA 1557-1] New phpmyadmin packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1557-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst April 24, 2008 http://www.debian.org/security/faq -...

phpMyAdmin共享主机远程信息泄露漏洞

BUGTRAQ ID: 28906 phpMyAdmin是用PHP编写的工具，用于通过WEB管理MySQL。 phpMyAdmin实现上存在漏洞，如果远程攻击者能够访问共享主机的话，就可以通过向phpMyAdmin发送特制的HTTP POST请求导致泄露敏感信息。 phpMyAdmin 2.11.5.2 phpMyAdmin ---------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

[SECURITY] [DSA 1557-1] New phpmyadmin packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-1557-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst April 24, 2008 http://www.debian.org/security/faq -...

DSA-1557-1 phpmyadmin - several vulnerabilities

Bulletin has no description...

Design/Logic Flaw

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable...