Mandriva Linux Security Advisory - A few vulnerabilities and security-related issues have been fixed in phpMyAdmin since the 2.11.2.2 release. This update provides version 2.11.7, which is the latest stable release of phpMyAdmin and fixes CVE-2008-1149, CVE-2008-1567, CVE-2008-1924, and CVE-2008-2960. No configuration changes should be required since the previous update (version 2.11.2.2). If upgrading from older versions, it may be necessary to reconfigure phpMyAdmin. The configuration file is located in /etc/phpMyAdmin/. In most cases, it should be sufficient to simply replace config.default.php with config.default.php.rpmnew and make whatever modifications are necessary.
111ac8a31b58f8fecdc3b03bf5f9410ebb9e17423d9935e13fa0a53a6e8c3e8d
Gentoo Linux Security Advisory GLSA 200805-02 - Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Versions less than 2.11.5.2 are affected.
a7d40e1888da5a69f15cd07b8c0f478c5091ed90492e7327880195c9e015ba80
Debian Security Advisory 1557-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, an application to administrate MySQL over the WWW. Attackers with CREATE table permissions were allowed to read arbitrary files readable by the webserver via a crafted HTTP POST request. The PHP session data file stored the username and password of a logged-in user, which in some setups can be read by a local user. Cross-site scripting and SQL injection were possible by attackers that had permission to create cookies in the same cookie domain as phpMyAdmin runs in.
b57bb9f9b51c75c5e6ff94c19c7379b4494471845ff2dd9879887fcc61ccf135