FreeBSD Local Security Checks : FreeBSD Ports: phpmyadmin, phpMyAdmin

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.52161

Kategorie: FreeBSD Local Security Checks

Titel: FreeBSD Ports: phpmyadmin, phpMyAdmin

Zusammenfassung: The remote host is missing an update to the system; as announced in the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

phpmyadmin, phpMyAdmin

CVE-2005-0543
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows
remote attackers to inject arbitrary HTML and web script via (1) the
strServer, cfg[BgcolorOne], or strServerChoice parameters in
select_server.lib.php, (2) the bg_color or row_no parameters in
display_tbl_links.lib.php, the left_font_family parameter in
theme_left.css.php, or the right_font_family parameter in
theme_right.css.php.

CVE-2005-0567
Multiple PHP remote code injection vulnerabilities in phpMyAdmin 2.6.1
allow remote attackers to execute arbitrary PHP code by modifying the
(1) theme parameter to phpmyadmin.css.php or (2)
cfg[Server][extension] parameter to database_interface.lib.php to
reference a URL on a remote web server that contains the code.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2005-0543
BugTraq ID: 12644
http://www.securityfocus.com/bid/12644
Bugtraq: 20050224 [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4 (Google Search)
http://marc.info/?l=bugtraq&m=110929725801154&w=2
http://www.gentoo.org/security/en/glsa/glsa-200503-07.xml
http://secunia.com/advisories/14382
XForce ISS Database: phpmyadmin-multiple-php-xss(19462)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19462
Common Vulnerability Exposure (CVE) ID: CVE-2005-0567
BugTraq ID: 12645
http://www.securityfocus.com/bid/12645
http://secunia.com/advisories/14382/
XForce ISS Database: phpmyadmin-file-include(19465)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19465

Copyright Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.52161
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: phpmyadmin, phpMyAdmin
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: phpmyadmin, phpMyAdmin CVE-2005-0543 Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php. CVE-2005-0567 Multiple PHP remote code injection vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0543 BugTraq ID: 12644 http://www.securityfocus.com/bid/12644 Bugtraq: 20050224 [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4 (Google Search) http://marc.info/?l=bugtraq&m=110929725801154&w=2 http://www.gentoo.org/security/en/glsa/glsa-200503-07.xml http://secunia.com/advisories/14382 XForce ISS Database: phpmyadmin-multiple-php-xss(19462) https://exchange.xforce.ibmcloud.com/vulnerabilities/19462 Common Vulnerability Exposure (CVE) ID: CVE-2005-0567 BugTraq ID: 12645 http://www.securityfocus.com/bid/12645 http://secunia.com/advisories/14382/ XForce ISS Database: phpmyadmin-file-include(19465) https://exchange.xforce.ibmcloud.com/vulnerabilities/19465
Copyright	Copyright (C) 2008 E-Soft Inc.