22 matches found
EUVD-2011-2697
Malware in sbrugna...
phpMyAdmin remote variable manipulation
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...
GHSA-VQCM-R62W-W437 phpMyAdmin remote variable manipulation
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...
phpMyAdmin 3.x < 3.3.10.3, 3.4.x < 3.4.3.2 Multiple Vulnerabilities (PMASA-2011-9, PMASA-2011-12) - Linux
phpMyAdmin is prone to multiple vulnerabilities: - a Cross-Site Scripting XSS vulnerability in table Print view - possible superglobal and local variables manipulation in swekey authentication. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced...
VulnCheck KEV: CVE-2011-2505
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...
phpMyAdmin 3.3.x / 3.4.x < 3.3.10.2 / 3.4.3.1 Multiple Vulnerabilities (PMASA-2011-5 - PMASA-2011-8)
The remote host contains a version of phpMyAdmin - 3.3.x less than 3.3.10.2 or 3.4.x less than 3.4.3.1 - that is affected by multiple vulnerabilities : - An error in the file 'libraries/auth/swekey/swekey.auth.lib.php' allows an attacker to modify the 'SESSION' superglobal array. CVE-2011-2505 - ...
CVE-2011-2719
libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain...
CVE-2011-2719
libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain...
Sql injection
libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain...
CVE-2011-2719
libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain...
[SECURITY] [DSA 2286-1] phpmyadmin security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2286-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst July 26, 2011 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2286-1] phpmyadmin security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2286-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst July 26, 2011 http://www.debian.org/security/faq -...
FreeBSD : phpmyadmin -- multiple vulnerabilities (d79fc873-b5f9-11e0-89b4-001ec9578670)
The phpMyAdmin development team reports : XSS in table Print view. Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a loc...
phpmyadmin -- multiple vulnerabilities
The phpMyAdmin development team reports: XSS in table Print view. Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a loca...
Possible superglobal and local variables manipulation in swekey authentication.
PMASA-2011-12 Announcement-ID: PMASA-2011-12 Date: 2011-07-23 Updated: 2011-07-25 Summary Possible superglobal and local variables manipulation in swekey authentication. Description It was possible to manipulate the PHP superglobals including SESSION using some of the Swekey authentication code...
DEBIAN-CVE-2011-2505
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...
CVE-2011-2505
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...
CVE-2011-2505
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...
phpMyAdmin 3.3.x < 3.3.10.2 / 3.4.x < 3.4.3.1 Multiple Vulnerabilities
Binary data 5985.prm...
FreeBSD : phpmyadmin -- multiple vulnerabilities (7e4e5c53-a56c-11e0-b180-00216aa06fc2)
The phpMyAdmin development team reports : It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks. An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can...