phpMyAdmin 3.5.x HTML注入漏洞

Bugtraq ID:55925 CVE ID:CVE-2012-5339 phpMyAdmin是一款基于PHP的MySQL管理程序。 phpMyAdmin Trigger, Procedure和Event页面不正确转义HTML输出，使用特殊名创建/修改trigger, event或procedure时，可触发跨站脚本攻击，可获得敏感信息或劫持用户会话。 0 phpMyAdmin 3.5.x 厂商解决方案 phpMyAdmin 3.5.3已经修复此漏洞，建议用户下载使用： http://www.phpmyadmin.net/...

[SECURITY] Fedora 18 Update: phpMyAdmin-3.5.3-1.fc18

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

Fedora 18 : phpMyAdmin-3.5.3-1.fc18 (2012-15691)

phpMyAdmin 3.5.3.0 2012-10-08 =============================== - interface Browse mode 'Show' button gives blank page if no results anymore - interface Copy Database Ajax feedback vanishes long before copying is done - interface GC-maxlifetime warning incorrectly displayed - interface Search fails...

FreeBSD : phpMyAdmin -- Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack (ef417da3-1640-11e2-999b-e0cb4e266481)

The phpMyAdmin development team reports : When creating/modifying a trigger, event or procedure with a crafted name, it is possible to trigger an XSS. To display information about the current phpMyAdmin version on the main page, a piece of JavaScript is fetched from the phpmyadmin.net website in...

Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages.

PMASA-2012-6 Announcement-ID: PMASA-2012-6 Date: 2012-10-12 Summary Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages. Description When creating/modifying a trigger, event or procedure with a crafted name, it is possible to trigger an XSS. Severity We consider these...

Fetching the version information from a non-SSL site is vulnerable to a MITM attack.

PMASA-2012-7 Announcement-ID: PMASA-2012-7 Date: 2012-10-12 Summary Fetching the version information from a non-SSL site is vulnerable to a MITM attack. Description To display information about the current phpMyAdmin version on the main page, a piece of JavaScript is fetched from the phpmyadmin.n...

phpMyAdmin 3.5.2.2 - 'server_sync.php' Backdoor (Metasploit)

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'phpMyAdmin 3.5.2.2 serversync.ph...

phpMyAdmin -- Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack

The phpMyAdmin development team reports: When creating/modifying a trigger, event or procedure with a crafted name, it is possible to trigger an XSS. To display information about the current phpMyAdmin version on the main page, a piece of JavaScript is fetched from the phpmyadmin.net website in...

phpMyAdmin 3.5.2.2 server-sync.php 后门

No description provided by source...

SourceForge Investigates Backdoor Code Found in Copy of phpMyAdmin

The popular open-source repository SourceForge is investigating how a corrupted copy of phpMyAdmin came to be served from a Korean-based mirror. Logs indicate 400 users downloaded the malicious file before it was removed from rotation today. “One of the SourceForge.net mirrors, namely...

phpMyAdmin server_sync.php Backdoor (PMASA-2012-5)

The phpMyAdmin install hosted on the remote web server contains a backdoor script, probably obtained from the cdnetworks-kr-1 SourceForge.net mirror site as part of the file phpMyAdmin-3.5.2.2-all-languages.zip. An unauthenticated, remote attacker can use this backdoor to execute arbitrary PHP co...

phpMyAdmin 3.5.2.2 server_sync.php Backdoor

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'phpMyAdmin 3.5.2.2 serversync.ph...

phpMyAdmin 'server_sync.php'远程后门漏洞

BUGTRAQ ID: 55672 CVE ID: CVE-2012-5159 phpMyAdmin是一个用PHP编写的，可以通过web方式控制和操作MySQL数据库。 phpMyAdmin通过"cdnetworks-kr-1" SourceForge mirror系统分发的phpMyAdmin 3.5.2.2及其他版本源文件为phpMyAdmin-3.5.2.2-all-languages.zip，其中包含名为serversync.php的木马，可允许远程攻击者通过调用eval攻击执行任意命令。 0 phpMyAdmin 3.5.2.2 厂商补丁： phpMyAdmin...

phpMyAdmin 3.5.2.2 server_sync.php Backdoor

Exploit for php platform in category web applications $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/cor...

phpMyAdmin 'server_sync.php' Backdoor Vulnerability

phpMyAdmin is prone to a backdoor vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin"; if...

CVE-2012-5159

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification Trojan Horse in serversync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack...

Design/Logic Flaw

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification Trojan Horse in serversync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack...

CVE-2012-5159

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification Trojan Horse in serversync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack...

CVE-2012-5159

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification Trojan Horse in serversync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack...

CVE-2012-5159

CVE-2012-5159 affects phpMyAdmin 3.5.2.2 distributed via the cdnetworks-kr-1 SourceForge mirror. A trojaned backdoor in server_sync.php enables remote arbitrary PHP code execution via an eval injection. The issue originates from an externally introduced modification to the package; other files (e...