6017 matches found
CVE-2008-1567
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information...
PT-2008-3126 · Mysql Server · Phpmyadmin
Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions prior to 2.11.5.1. Description: The issue allows local users to obtain sensitive information, including the MySQL username, password, and the Blowfish secret key, which are stored in cleartext in a Session file under /tmp...
phpmyadmin -- Username/Password Session File Information Disclosure
A phpMyAdmin security announcement report: phpMyAdmin saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host...
Credentials disclosure on shared hosts via session data
Announcement-ID: PMASA-2008-2. Date: 2008-03-29. Summary: Credentials disclosure on shared hosts via session data. Description: We received an advisory from Jim Hermann, and we wish to thank him for his work. phpMyAdmin saves sensitive information like the MySQL username and password and...
GLSA-200803-15 : phpMyAdmin: SQL injection vulnerability
The remote host is affected by the vulnerability described in GLSA-200803-15 (phpMyAdmin: SQL injection vulnerability). Richard Cunningham reported that phpMyAdmin uses the $_REQUEST variable of $_GET and $_POST as a source for its parameters. Impact: An attacker could entice a user to visit a malicio...
openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-5084)
This update of phpMyAdmin fixes a cross-site-scripting vulnerability. CVE-2007-6100, CVE-2007-5589. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update phpMyAdmin-5084. The text description of this...
openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-5083)
This update of phpMyAdmin fixes a cross-site-scripting vulnerability. CVE-2007-6100, CVE-2007-5589. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update phpMyAdmin-5083. The text description of this...
[ GLSA 200803-15 ] phpMyAdmin: SQL injection vulnerability
Gentoo Linux Security Advisory GLSA 200803-15. http://security.gentoo.org/ ...
phpMyAdmin: SQL injection vulnerability
Background: phpMyAdmin is a free web-based database administration tool. Description: Richard Cunningham reported that phpMyAdmin uses the $_REQUEST variable of $_GET and $_POST as a source for its parameters. Impact: An attacker could entice a user to visit a malicious web application that sets an...
Fedora 7 : phpMyAdmin-2.11.5-1.fc7 (2008-2229)
This is a bugfix-only version containing a security fix: Remove cookies from $_REQUEST for better coexistence with other applications, thanks to Richard Cunningham. See PMASA-2008-1. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
Fedora 8 : phpMyAdmin-2.11.5-1.fc8 (2008-2189)
This is a bugfix-only version containing a security fix: Remove cookies from $_REQUEST for better coexistence with other applications, thanks to Richard Cunningham. See PMASA-2008-1. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
FreeBSD : phpmyadmin -- SQL injection vulnerability (ce2f2ade-e7df-11dc-a701-000bcdc1757a)
A phpMyAdmin security announcement report: phpMyAdmin used the $_REQUEST superglobal as a source for its parameters, instead of $_GET and $_POST. This means that on most servers, a cookie with the same name as one of phpMyAdmin's parameters can interfere. Another application could set a cookie for...
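phpMyAdmin $_REQUEST Parameter SQL Injection Vulnerability
BUGTRAQ ID: 28068. phpMyAdmin is a tool written in PHP for managing MySQL over the web. phpMyAdmin uses $_REQUEST rather than the $_GET and $_POST variables as the source of its parameters, and uses the parameters in SQL queries without filtering; if a user is tricked into visiting a malicious website, this could lead to an SQL injection attack. phpMyAdmin phpMyAdmin 2.11.5. Vendor patch: phpMyAdmin. The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...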
CVE-2008-1149
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies...
Cross site request forgery (csrf)
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies...
DEBIAN-CVE-2008-1149
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies...
CVE-2008-1149
CVE-2008-1149 affects phpMyAdmin prior to 2.11.5, where code reads parameters from $_REQUEST (instead of $_GET/$_POST), enabling attackers in the same domain to override variables and perform SQL injection and CSRF via crafted cookies. The connected documents indicate this was addressed in later ...