CVE-2013-3238
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature...
CVE-2013-3241
export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the $_POST superglobal array, which allows remote authenticated users to inject values via a crafted request...
CVE-2013-3240
Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type...
phpMyAdmin 3.5.8 and 4.0.0-RC2 - Multiple Vulnerabilities
phpMyAdmin versions 3.5.8 and 4.0.0-RC2 suffer from multiple remote code execution, local file inclusion, and array overwrite vulnerabilities. Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 2...
phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities
phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web:...
phpMyAdmin 3.5.8 / 4.0.0-RC2 Code Execution / LFI / Overwrite
waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html Description of vulnerable software:...
Fedora Update for phpMyAdmin FEDORA-2013-5623
Check for the Version of phpMyAdmin OpenVAS Vulnerability Test Fedora Update for phpMyAdmin FEDORA-2013-5623 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
Fedora Update for phpMyAdmin FEDORA-2013-5623
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for phpMyAdmin FEDORA-2013-5620
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities
waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html Description of vulnerable software:...
FreeBSD : phpMyAdmin -- Multiple security vulnerabilities (8c8fa44d-ad15-11e2-8cea-6805ca0b3d42)
The phpMyAdmin development team reports: In some PHP versions, the preg_replace() function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expression, containing a null byte. phpMyAdmin does not correctly sanitize an argument...
phpMyAdmin 3.5.x < 3.5.8 tbl_gis_visualization.php Multiple XSS
According to its self-identified version number, the phpMyAdmin 3.5.x install hosted on the remote web server is earlier than 3.5.8 and is, therefore, affected by multiple cross-site scripting vulnerabilities. The flaw exists in the 'visualizationSettings[width]' and 'visualizationSettings[height]'...
phpMyAdmin -- Multiple security vulnerabilities
The phpMyAdmin development team reports: In some PHP versions, the preg_replace() function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expression, containing a null byte. phpMyAdmin does not correctly sanitize an argument...
Global variables overwrite in "export.php".
PMASA-2013-5 Announcement-ID: PMASA-2013-5 Date: 2013-04-24 Summary Global variables overwrite in "export.php". Description The export script generates global variables from those present in the $_POST superglobal. This may lead to other exploits in the export script. Severity We consider this...
Remote code execution via preg_replace().
PMASA-2013-2 Announcement-ID: PMASA-2013-2 Date: 2013-04-24 Summary Remote code execution via preg_replace(). Description In some PHP versions, the preg_replace() function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expressio...
Locally Saved SQL Dump File Multiple File Extension Remote Code Execution.
PMASA-2013-3 Announcement-ID: PMASA-2013-3 Date: 2013-04-24 Summary Locally Saved SQL Dump File Multiple File Extension Remote Code Execution. Description phpMyAdmin can be configured to save an export file on the web server, via its SaveDir directive. With this in place, it's possible, either vi...
Local file inclusion vulnerability.
PMASA-2013-4 Announcement-ID: PMASA-2013-4 Date: 2013-04-24 Summary Local file inclusion vulnerability. Description In the Export feature, a parameter specifying the export type was not correctly validated, opening the door to a local file inclusion attack. Severity We consider this vulnerability...
Fedora 17 : phpMyAdmin-3.5.8-1.fc17 (2013-5623)
phpMyAdmin 3.5.8.0 2013-04-08 =============================== - bug MariaDB reported as MySQL - bug Incorrect header for Safari 6.0 - bug Attempt to open trigger for edit gives NULL - change Use HTML5 DOCTYPE - security Self-XSS on GIS visualisation page, reported by Janek Vind - bug Incorrect...
Fedora 19 : phpMyAdmin-3.5.8-1.fc19 (2013-5604)
phpMyAdmin 3.5.8.0 2013-04-08 =============================== - bug MariaDB reported as MySQL - bug Incorrect header for Safari 6.0 - bug Attempt to open trigger for edit gives NULL - change Use HTML5 DOCTYPE - security Self-XSS on GIS visualisation page, reported by Janek Vind - bug Incorrect...
Fedora 18 : phpMyAdmin-3.5.8-1.fc18 (2013-5620)
phpMyAdmin 3.5.8.0 2013-04-08 =============================== - bug MariaDB reported as MySQL - bug Incorrect header for Safari 6.0 - bug Attempt to open trigger for edit gives NULL - change Use HTML5 DOCTYPE - security Self-XSS on GIS visualisation page, reported by Janek Vind - bug Incorrect...