what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2010-3056

Status Candidate

Overview

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.

Related Files

Gentoo Linux Security Advisory 201201-01
Posted Jan 5, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-1 - Multiple vulnerabilities were found in phpMyAdmin, the most severe of which allows the execution of arbitrary PHP code. Versions less than 3.4.9 are affected.

tags | advisory, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2008-7251, CVE-2008-7252, CVE-2010-2958, CVE-2010-3055, CVE-2010-3056, CVE-2010-3263, CVE-2011-0986, CVE-2011-0987, CVE-2011-2505, CVE-2011-2506, CVE-2011-2507, CVE-2011-2508, CVE-2011-2642, CVE-2011-2643, CVE-2011-2718, CVE-2011-2719, CVE-2011-3646, CVE-2011-4064, CVE-2011-4107, CVE-2011-4634, CVE-2011-4780, CVE-2011-4782
SHA-256 | a9a0414a3c076b4e97dee46444baeb67c679e1b447f44f4f421858257e7dff0c
Debian Linux Security Advisory 2097-2
Posted Sep 14, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2097-2 - The update in DSA 2097 for phpMyAdmin did not correctly apply the intended changes, thereby not completely addressing the vulnerabilities. The configuration setup script does not properly sanitize its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. In Debian, the setup tool is protected through Apache HTTP basic authentication by default. Various cross site scripting issues have been discovered that allow a remote attacker to inject arbitrary web script or HTML.

tags | advisory, remote, web, arbitrary, php, vulnerability, xss
systems | linux, debian
advisories | CVE-2010-3055, CVE-2010-3056
SHA-256 | c21f472813e5c7c0a304c173d6cf63b3c3701881ecb40c9dd4192c61fc607c73
Mandriva Linux Security Advisory 2010-164
Posted Aug 30, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-164 - It was possible to conduct a XSS attack using crafted URLs or POST parameters on several pages. This upgrade provides phpmyadmin 3.3.5.1 which is not vulnerable for this security issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2010-3056
SHA-256 | 60db42d3354d6ff1f1c80b63abae9bea06cc95f164fa11a0f38df7f544c7f2f4
Mandriva Linux Security Advisory 2010-163
Posted Aug 30, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-163 - The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with the ability to save files on the server, this can allow unauthenticated users to execute arbitrary PHP code. It was possible to conduct a XSS attack using crafted URLs or POST parameters on several pages. This upgrade provides phpmyadmin 2.11.10.1 which is not vulnerable for these security issues.

tags | advisory, arbitrary, php
systems | linux, mandriva
advisories | CVE-2010-3055, CVE-2010-3056
SHA-256 | 9986c79908b9ee4d1ba1f58ab5437dfb3312b87f607400d0eb139d1ac17b4e10
Debian Linux Security Advisory 2097-1
Posted Aug 30, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2097-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2010-3055, CVE-2010-3056
SHA-256 | 95a8d46ad69848cca0eb3506aef5c1ec2226aff5c00cd60ce4735cec56aca9b5
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close