Gentoo Linux Security Advisory 201201-1 - Multiple vulnerabilities were found in phpMyAdmin, the most severe of which allows the execution of arbitrary PHP code. Versions less than 3.4.9 are affected.
a9a0414a3c076b4e97dee46444baeb67c679e1b447f44f4f421858257e7dff0cDebian Linux Security Advisory 2097-2 - The update in DSA 2097 for phpMyAdmin did not correctly apply the intended changes, thereby not completely addressing the vulnerabilities. The configuration setup script does not properly sanitize its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. In Debian, the setup tool is protected through Apache HTTP basic authentication by default. Various cross site scripting issues have been discovered that allow a remote attacker to inject arbitrary web script or HTML.
c21f472813e5c7c0a304c173d6cf63b3c3701881ecb40c9dd4192c61fc607c73Mandriva Linux Security Advisory 2010-163 - The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with the ability to save files on the server, this can allow unauthenticated users to execute arbitrary PHP code. It was possible to conduct a XSS attack using crafted URLs or POST parameters on several pages. This upgrade provides phpmyadmin 2.11.10.1 which is not vulnerable for these security issues.
9986c79908b9ee4d1ba1f58ab5437dfb3312b87f607400d0eb139d1ac17b4e10Debian Linux Security Advisory 2097-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web.
95a8d46ad69848cca0eb3506aef5c1ec2226aff5c00cd60ce4735cec56aca9b5
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed