Test Kennung:	1.3.6.1.4.1.25623.1.0.63450
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDVSA-2009:026-1 (phpMyAdmin)
Zusammenfassung:	The remote host is missing an update to phpMyAdmin;announced via advisory MDVSA-2009:026-1.
Beschreibung:	Summary: The remote host is missing an update to phpMyAdmin announced via advisory MDVSA-2009:026-1. Vulnerability Insight: Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows remote attackers to inject arbitrary web script or HTML by using db script parameter when register_global php parameter is enabled (CVE-2008-4775). Cross-site request forgery (CSRF) vulnerability in tbl_structure.php allows remote attackers perform SQL injection and execute arbitrary code by using table script parameter (CVE-2008-5621). Multiple cross-site request forgery (CSRF) vulnerabilities in allows remote attackers perform SQL injection by using unknown vectors related to table script parameter (CVE-2008-5622). This update provide the fix for these security issues. Update: The previous update packages wasn't signed, this time they are. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4775 BugTraq ID: 31928 http://www.securityfocus.com/bid/31928 Bugtraq: 20081027 XSS in phpMyadmin (Google Search) http://www.securityfocus.com/archive/1/497815/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00908.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00925.html http://security.gentoo.org/glsa/glsa-200903-32.xml http://secunia.com/advisories/32449 http://secunia.com/advisories/32482 http://securityreason.com/securityalert/4516 http://www.vupen.com/english/advisories/2008/2943 XForce ISS Database: phpmyadmin-pmdpdf-xss(46136) https://exchange.xforce.ibmcloud.com/vulnerabilities/46136 Common Vulnerability Exposure (CVE) ID: CVE-2008-5621 BugTraq ID: 32720 http://www.securityfocus.com/bid/32720 Debian Security Information: DSA-1723 (Google Search) http://www.debian.org/security/2009/dsa-1723 https://www.exploit-db.com/exploits/7382 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html http://www.openwall.com/lists/oss-security/2009/02/12/1 http://osvdb.org/50894 http://secunia.com/advisories/33076 http://secunia.com/advisories/33146 http://secunia.com/advisories/33246 http://secunia.com/advisories/33822 http://secunia.com/advisories/33912 http://securityreason.com/securityalert/4753 SuSE Security Announcement: SUSE-SR:2009:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://www.vupen.com/english/advisories/2008/3402 http://www.vupen.com/english/advisories/2008/3501 XForce ISS Database: phpmyadmin-tblstructure-csrf(47168) https://exchange.xforce.ibmcloud.com/vulnerabilities/47168
Copyright	Copyright (C) 2009 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.