[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98503

 
 

909

 
 

79321

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-1824 phpmyadmin -- several vulnerabilities

ID: oval:org.mitre.oval:def:7579Date: (C)2009-12-15   (M)2017-11-18
Class: PATCHFamily: unix




Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: Cross site scripting vulnerability in the export page allow for an attacker that can place crafted cookies with the user to inject arbitrary web script or HTML. Static code injection allows for a remote attacker to inject arbitrary code into phpMyAdmin via the setup.php script. This script is in Debian under normal circumstances protected via Apache authentication. However, because of a recent worm based on this exploit, we are patching it regardless, to also protect installations that somehow still expose the setup.php script.

Platform:
Debian 5.0
Debian 4.0
Product:
phpmyadmin
Reference:
DSA-1824
CVE-2009-1150
CVE-2009-1151
CVE    2
CVE-2009-1151
CVE-2009-1150
CPE    2
cpe:/o:debian:debian_linux:4.0
cpe:/o:debian:debian_linux:5.0

© 2013 SecPod Technologies