[SA12813] phpMyAdmin Unspecified Arbitrary Command Execution Vulnerability

TITLE: phpMyAdmin Unspecified Arbitrary Command Execution Vulnerability SECUNIA ADVISORY ID: SA12813 VERIFY ADVISORY: http://secunia.com/advisories/12813/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: phpMyAdmin 2.x http://secunia.com/product/1720/ DESCRIPTION: A...

When specifying specially formatted options to external MIME transformation, an attacker can execute any shell command restricted by privileges of httpd user.

PMASA-2004-2 Announcement-ID: PMASA-2004-2 Date: 2004-10-12 Summary When specifying specially formatted options to external MIME transformation, an attacker can execute any shell command restricted by privileges of httpd user. Description phpMyAdmin allows to use MIME transformations for displayi...

phpmyadmin -- remote command execution vulnerability

From the phpMyAdmin 2.6.0p2 release notes: If PHP is not running in safe mode, a problem in the MIME-based transformation system with an "external" transformation allows to execute any command with the privileges of the web server's user...

CVE-2004-0129

CVE-2004-0129: Directory traversal in phpMyAdmin export.php affects 2.5.5 and earlier; attackers can read arbitrary files via .. in the what parameter. Root cause: insufficient validation of the file path. Impact: potential exposure of server files; CVSS v2 base 5.0 per records. Patch/remediation...

CVE-2004-0129

Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. dot dot sequences in the what parameter...

CVE-2004-0129

Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. dot dot sequences in the what parameter...

GLSA-200407-22 : phpMyAdmin: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200407-22 phpMyAdmin: Multiple vulnerabilities Two serious vulnerabilities exist in phpMyAdmin. The first allows any user to alter the server configuration variables including host, name, and password by appending new settings to...

GLSA-200402-05 : phpMyAdmin < 2.5.6-rc1: possible attack against export.php

The remote host is affected by the vulnerability described in GLSA-200402-05 phpMyAdmin 2.5.6-rc1: possible attack against export.php One component of the phpMyAdmin software package export.php does not properly verify input that is passed to it from a remote user. Since the input is used to...

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a popular, web-based MySQL administration tool written in PHP. It allows users to administer a MySQL database from a web-browser. Description Two serious vulnerabilities exist in phpMyAdmin. The first allows any user to alter the server configuration variables including...

FreeBSD : Remote code injection in phpMyAdmin (142)

The following package needs to be updated: phpMyAdmin %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg0d4c31accb9111d88898000d6111a684.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

FreeBSD : file disclosure in phpMyAdmin (141)

The following package needs to be updated: phpMyAdmin %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgcc0fb686655011d880e30020ed76ef5a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

phpMyAdmin 2.5.7 - Remote code Injection

phpMyAdmin 2.5.7 - Remote code Injection / phpmy-explt.c written by Nasir Simbolon eagle kecapi com Jakarta, Indonesia June, 10 2004 A phpMyAdmin-2.5.7 exploite program. This is a kind of mysql server wrapper acts like a proxy except that it will sends a fake table name, when client query "SHOW...

phpMyAdmin 2.5.7 Remote code injection Exploit

No description provided by source. / phpmy-explt.c written by Nasir Simbolon nasir kecapi com eagle kecapi com Jakarta, Indonesia June, 10 2004 A phpMyAdmin-2.5.7 exploite program. This is a kind of mysql server wrapper acts like a proxy except that it will sends a fake table name, when client...

phpMyAdmin 2.5.7 Remote code injection Exploit

Exploit for unknown platform in category web applications ============================================== phpMyAdmin 2.5.7 Remote code injection Exploit ============================================== / phpmy-explt.c written by Nasir Simbolon eagle kecapi com Jakarta, Indonesia June, 10 2004 A...

phpMyAdmin 2.5.7 - Remote code Injection

/ phpmy-explt.c written by Nasir Simbolon eagle kecapi com Jakarta, Indonesia June, 10 2004 A phpMyAdmin-2.5.7 exploite program. This is a kind of mysql server wrapper acts like a proxy except that it will sends a fake table name, when client query "SHOW TABLES", by replacing the real table name...

phpMyAdmin257.txt

Software : phpMyAdmin Version : 2.5.7 Vulnerability : php codes injection Problem-Type : remote user phpMyAdmin is web-based mysql administration written in PHP. There is a vulnerability in phpMyAdmin version 2.5.7. This vulnerability would allow remote user to inject php codes to be executed by...

php codes injection in phpMyAdmin version 2.5.7.

Software : phpMyAdmin Version : 2.5.7 Vulnerability : php codes injection Problem-Type : remote user phpMyAdmin is web-based mysql administration written in PHP. There is a vulnerability in phpMyAdmin version 2.5.7. This vulnerability would allow remote user to inject php codes to be executed by...

Remote code injection in phpMyAdmin

This vulnerability would allow remote user to inject PHP code to be executed by eval function. This vulnerability is only exploitable if variable $cfg'LeftFrameLight' is set to FALSE in file config.inc.php...

When faking table with specific name, an attacker can make phpMyAdmin to execute arbitrary php code and add custom server configuration.

PMASA-2004-1 Announcement-ID: PMASA-2004-1 Date: 2004-06-29 Summary When faking table with specific name, an attacker can make phpMyAdmin to execute arbitrary php code and add custom server configuration. Description phpMyAdmin used eval function to fill some values and one parameter used there w...

CVE-2004-0129

Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. dot dot sequences in the what parameter...