exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2010-3056

Status Candidate

Overview

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.

Related Files

Gentoo Linux Security Advisory 201201-01
Posted Jan 5, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-1 - Multiple vulnerabilities were found in phpMyAdmin, the most severe of which allows the execution of arbitrary PHP code. Versions less than 3.4.9 are affected.

tags | advisory, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2008-7251, CVE-2008-7252, CVE-2010-2958, CVE-2010-3055, CVE-2010-3056, CVE-2010-3263, CVE-2011-0986, CVE-2011-0987, CVE-2011-2505, CVE-2011-2506, CVE-2011-2507, CVE-2011-2508, CVE-2011-2642, CVE-2011-2643, CVE-2011-2718, CVE-2011-2719, CVE-2011-3646, CVE-2011-4064, CVE-2011-4107, CVE-2011-4634, CVE-2011-4780, CVE-2011-4782
SHA-256 | a9a0414a3c076b4e97dee46444baeb67c679e1b447f44f4f421858257e7dff0c
Download | Favorite | View
Debian Linux Security Advisory 2097-2
Posted Sep 14, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2097-2 - The update in DSA 2097 for phpMyAdmin did not correctly apply the intended changes, thereby not completely addressing the vulnerabilities. The configuration setup script does not properly sanitize its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. In Debian, the setup tool is protected through Apache HTTP basic authentication by default. Various cross site scripting issues have been discovered that allow a remote attacker to inject arbitrary web script or HTML.

tags | advisory, remote, web, arbitrary, php, vulnerability, xss
systems | linux, debian
advisories | CVE-2010-3055, CVE-2010-3056
SHA-256 | c21f472813e5c7c0a304c173d6cf63b3c3701881ecb40c9dd4192c61fc607c73
Download | Favorite | View
Mandriva Linux Security Advisory 2010-164
Posted Aug 30, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-164 - It was possible to conduct a XSS attack using crafted URLs or POST parameters on several pages. This upgrade provides phpmyadmin 3.3.5.1 which is not vulnerable for this security issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2010-3056
SHA-256 | 60db42d3354d6ff1f1c80b63abae9bea06cc95f164fa11a0f38df7f544c7f2f4
Download | Favorite | View
Mandriva Linux Security Advisory 2010-163
Posted Aug 30, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-163 - The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with the ability to save files on the server, this can allow unauthenticated users to execute arbitrary PHP code. It was possible to conduct a XSS attack using crafted URLs or POST parameters on several pages. This upgrade provides phpmyadmin 2.11.10.1 which is not vulnerable for these security issues.

tags | advisory, arbitrary, php
systems | linux, mandriva
advisories | CVE-2010-3055, CVE-2010-3056
SHA-256 | 9986c79908b9ee4d1ba1f58ab5437dfb3312b87f607400d0eb139d1ac17b4e10
Download | Favorite | View
Debian Linux Security Advisory 2097-1
Posted Aug 30, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2097-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2010-3055, CVE-2010-3056
SHA-256 | 95a8d46ad69848cca0eb3506aef5c1ec2226aff5c00cd60ce4735cec56aca9b5
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close