6026 matches found
CVE-2013-3238
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature...
CVE-2013-3239
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...
phpMyAdmin 3.5.8 and 4.0.0-RC2 - Multiple Vulnerabilities
phpMyAdmin versions 3.5.8 and 4.0.0-RC2 suffer from multiple remote code execution, local file inclusion, and array overwrite vulnerabilities. Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 2...
phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities
waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html Description of vulnerable software:...
Fedora Update for phpMyAdmin FEDORA-2013-5623
Check for the Version of phpMyAdmin OpenVAS Vulnerability Test Fedora Update for phpMyAdmin FEDORA-2013-5623 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities
phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web:...
phpMyAdmin 3.5.8 / 4.0.0-RC2 Code Execution / LFI / Overwrite
waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html Description of vulnerable software:...
Fedora Update for phpMyAdmin FEDORA-2013-5620
Check for the Version of phpMyAdmin OpenVAS Vulnerability Test Fedora Update for phpMyAdmin FEDORA-2013-5620 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
FreeBSD : phpMyAdmin -- Multiple security vulnerabilities (8c8fa44d-ad15-11e2-8cea-6805ca0b3d42)
The phpMyAdmin development team reports: In some PHP versions, the preg_replace function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expression, containing a null byte. phpMyAdmin does not correctly sanitize an argument...
Fedora Update for phpMyAdmin FEDORA-2013-5623
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for phpMyAdmin FEDORA-2013-5620
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Locally Saved SQL Dump File Multiple File Extension Remote Code Execution.
PMASA-2013-3 Announcement-ID: PMASA-2013-3 Date: 2013-04-24 Summary Locally Saved SQL Dump File Multiple File Extension Remote Code Execution. Description phpMyAdmin can be configured to save an export file on the web server, via its SaveDir directive. With this in place, it's possible, either vi...
phpMyAdmin 3.5.x < 3.5.8 tbl_gis_visualization.php Multiple XSS
According to its self-identified version number, the phpMyAdmin 3.5.x install hosted on the remote web server is earlier than 3.5.8 and is, therefore, affected by multiple cross-site scripting vulnerabilities. The flaw exists in the 'visualizationSettings[width]' and 'visualizationSettings[height]'...
phpMyAdmin -- Multiple security vulnerabilities
The phpMyAdmin development team reports: In some PHP versions, the preg_replace function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expression, containing a null byte. phpMyAdmin does not correctly sanitize an argument...
Global variables overwrite in "export.php".
PMASA-2013-5 Announcement-ID: PMASA-2013-5 Date: 2013-04-24 Summary Global variables overwrite in "export.php". Description The export script generates global variables from those present in the $_POST superglobal. This may lead to other exploits in the export script. Severity We consider this...
Local file inclusion vulnerability.
PMASA-2013-4 Announcement-ID: PMASA-2013-4 Date: 2013-04-24 Summary Local file inclusion vulnerability. Description In the Export feature, a parameter specifying the export type was not correctly validated, opening the door to a local file inclusion attack. Severity We consider this vulnerability...
Remote code execution via preg_replace().
PMASA-2013-2 Announcement-ID: PMASA-2013-2 Date: 2013-04-24 Summary Remote code execution via preg_replace(). Description In some PHP versions, the preg_replace function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expressio...
Fedora 18 : phpMyAdmin-3.5.8-1.fc18 (2013-5620)
phpMyAdmin 3.5.8.0 2013-04-08 =============================== - bug MariaDB reported as MySQL - bug Incorrect header for Safari 6.0 - bug Attempt to open trigger for edit gives NULL - change Use HTML5 DOCTYPE - security Self-XSS on GIS visualisation page, reported by Janek Vind - bug Incorrect...
Fedora 17 : phpMyAdmin-3.5.8-1.fc17 (2013-5623)
phpMyAdmin 3.5.8.0 2013-04-08 =============================== - bug MariaDB reported as MySQL - bug Incorrect header for Safari 6.0 - bug Attempt to open trigger for edit gives NULL - change Use HTML5 DOCTYPE - security Self-XSS on GIS visualisation page, reported by Janek Vind - bug Incorrect...
Fedora 19 : phpMyAdmin-3.5.8-1.fc19 (2013-5604)
phpMyAdmin 3.5.8.0 2013-04-08 =============================== - bug MariaDB reported as MySQL - bug Incorrect header for Safari 6.0 - bug Attempt to open trigger for edit gives NULL - change Use HTML5 DOCTYPE - security Self-XSS on GIS visualisation page, reported by Janek Vind - bug Incorrect...