6026 matches found
phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names
The phpMyAdmin development team reports: Self-XSS due to unescaped HTML output in recent/favorite tables navigation. When marking a crafted database or table name as favorite or having it in recent tables, it is possible to trigger an XSS. This vulnerability can be triggered only by someone who...
openSUSE Security Update : phpMyAdmin (openSUSE-SU-2012:0494-1)
update to 3.4.10.2 - security Fixed local path disclosure vulnerability, see PMASA-2012-2 http://www.phpmyadmin.net/homepage/security/PMASA-2012-2.php (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
openSUSE Security Update : phpMyAdmin (openSUSE-SU-2012:1062-1)
phpMyAdmin was updated to 3.5.2.2 - fix for bnc776698, bnc776701 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-535. The text description of this plugin is (C) SUSE LLC...
openSUSE Security Update : phpMyAdmin (openSUSE-2012-135)
update to 3.4.10.1 fix for bnc747841 - security XSS in replication setup, see PMASA-2012-1 - 3.4.10.0 2012-02-14 - bug 3460090 interface TextareaAutoSelect feature broken - patch 3375984 export PHP Array export might generate invalid php code - bug 3049209 import Import from ODS ignores cell that...
openSUSE Security Update : phpMyAdmin (openSUSE-2011-14)
update to 3.4.7.1 fix for bnc728243 - security Fixed possible local file inclusion in XML import CVE-2011-4107, see PMASA-2011-17 http://www.phpmyadmin.net/homepage/security/PMASA-2011-17.php (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
openSUSE Security Update : phpMyAdmin (openSUSE-2011-94)
update to 3.4.8 - bug 3425230 interface enum data split at space char more space to edit - bug 3426840 interface ENUM/SET editor can't handle commas in values - bug 3427256 interface no links to browse/empty views and tables - bug 3430377 interface Deleted search results remain visible - bug...
openSUSE Security Update : phpMyAdmin (openSUSE-SU-2013:1065-1)
This update of phpMyAdmin fixes several security issues. - update to 3.5.8.1 2013-04-24 - security Remote code execution preg_replace, reported by Janek Vind see PMASA-2013-2 - security Locally Saved SQL Dump File Multiple File Extension Remote Code Execution, reported by Janek Vind see PMASA-2013...
openSUSE Security Update : phpMyAdmin (openSUSE-2012-18)
update to 3.4.9 - bug 3442028 edit Inline editing enum fields with null shows no dropdown - bug 3442004 interface DB suggestion not correct for user with underscore - bug 3438420 core Magic quotes removed in PHP 5.4 - bug 3398788 session No feedback when result is empty signon authtype - bug...
openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:0344-1)
phpMyAdmin was updated to 4.1.8 to fix bugs, security issues and also bring new features. Fixed security issue : - PMASA-2014-1 CVE-2014-1879, CWE-661 CWE-79 - update to 4.1.8 2014-02-22 - sf4276 Login loop on session expiry - sf4249 Incorrect number of result rows for SQL with subqueries - sf427...
openSUSE Security Update : phpMyAdmin (openSUSE-SU-2013:1343-1)
This version upgrade of phpMyAdmin fixed various security issues (SQL injection, XSS, full path disclosure, clickjacking). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-647. The...
openSUSE Security Update : phpMyAdmin (openSUSE-SU-2012:1507-1)
This update of phpMyAdmin is a version upgrade to 3.5.3.0 to fix multiple XSS flaws. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-790. The text description of this plugin is (C)...
[ MDVSA-2014:046 ] phpmyadmin
Mandriva Linux Security Advisory MDVSA-2014:046 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : February 21, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered an...
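phpMyAdmin exploits summarized with Metasploit - vulnerability warning - the black bar safety net
A: Affected versions: 3.5.x 3.5.8.1 and 4.0.0 4.0.0-rc3 Overview: phpMyAdmin has a PREG_REPLACE_EVAL vulnerability Use module: exploit/multi/http/phpmyadmin_preg_replace CVE: CVE-2013-3238 II: Affected version: phpMyAdmin v3.5.2.2 Overview: phpMyAdmin has a server_sync.php backdoor...
XAMPP cross-site scripting and cross-site request forgery vulnerabilities
Bugtraq ID:66680 XAMPP (Apache+MySQL+PHP+PERL) is an integrated software package for building websites. XAMPP has cross-site scripting and cross-site request forgery vulnerabilities that allow an attacker to obtain sensitive information, hijack user sessions, or allow a remote attacker to construct a malicious URI and lure a user into opening it, so that malicious actions are performed in the target user's context. 0 XAMPP & phpMyAdmin = 4.1.6 No detailed solution is currently available: http://www.apachefriends.org/en...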
XAMPP 3.2.1 & phpMyAdmin 4.1.6 - Multiple Vulnerabilities (XSS & CSRF)
phpMyAdmin version 4.1.6 with XAMPP version 3.2.1 installed suffers from cross site request forgery and cross site scripting vulnerabilities. Title: XAMPP 3.2.1 & phpMyAdmin 4.1.6 "' in the url resulting in a reflected cross site scripting attack. The file...
XAMPP 3.2.1 phpMyAdmin 4.1.6 - Multiple Vulnerabilities
XAMPP 3.2.1 phpMyAdmin 4.1.6 - Multiple Vulnerabilities Title: XAMPP 3.2.1 & phpMyAdmin 4.1.6 = multiple vulnerabilities Date: 6/04/2014 Author: hackerDesk Software Link: http://www.apachefriends.org/en/xampp-windows.html Version: 3.2.1 & 4.1.6 Tested on: Windows 7 CVE : kuDos tO: Mayank...
XAMPP 3.2.1 & phpMyAdmin 4.1.6 - Multiple Vulnerabilities
Title: XAMPP 3.2.1 & phpMyAdmin 4.1.6 = multiple vulnerabilities Date: 6/04/2014 Author: hackerDesk Software Link: http://www.apachefriends.org/en/xampp-windows.html Version: 3.2.1 & 4.1.6 Tested on: Windows 7 CVE : kuDos tO: Mayank Kapoor@wHys0SerI0s Sujoy Chakravarti@sujoy3188, Gurjant Singh...
XAMPP 3.2.1 / phpMyAdmin 4.1.6 XSS / CSRF
Title: XAMPP 3.2.1 & phpMyAdmin 4.1.6 = multiple vulnerabilities Date: 6/04/2014 Author: Software Link: http://www.apachefriends.org/en/xampp-windows.html Version: 3.2.1 & 4.1.6 Tested on: Windows 7 CVE : ...
plexusCMS 0.5 - Cross-Site Scripting Remote Shell Credentials Leak
plexusCMS 0.5 - Cross-Site Scripting Remote Shell Credentials Leak Exploit Title: plexusCMS 0.5 XSS Remote Shell Exploit Google Dork: allinurl: plx-storage Date: 22.02.2013 Exploit Author: neglomaniac Vendor Homepage: http://plexus-cms.org/ Version: 0.5 --- FILES backdoor.php simple command execu...
Web servers PHPMyAdmin Misconfiguration Code Injection
A code injection vulnerability has been reported in PHPMyAdmin. The vulnerability is due to PHPMyAdmin misconfiguration. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the target...