FreeBSD Local Security Checks : FreeBSD Ports: phpmyadmin, phpMyAdmin

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52161

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: phpmyadmin, phpMyAdmin

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

phpmyadmin, phpMyAdmin

CVE-2005-0543
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows
remote attackers to inject arbitrary HTML and web script via (1) the
strServer, cfg[BgcolorOne], or strServerChoice parameters in
select_server.lib.php, (2) the bg_color or row_no parameters in
display_tbl_links.lib.php, the left_font_family parameter in
theme_left.css.php, or the right_font_family parameter in
theme_right.css.php.

CVE-2005-0567
Multiple PHP remote code injection vulnerabilities in phpMyAdmin 2.6.1
allow remote attackers to execute arbitrary PHP code by modifying the
(1) theme parameter to phpmyadmin.css.php or (2)
cfg[Server][extension] parameter to database_interface.lib.php to
reference a URL on a remote web server that contains the code.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-0543
BugTraq ID: 12644
http://www.securityfocus.com/bid/12644
Bugtraq: 20050224 [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4 (Google Search)
http://marc.info/?l=bugtraq&m=110929725801154&w=2
http://www.gentoo.org/security/en/glsa/glsa-200503-07.xml
http://secunia.com/advisories/14382
XForce ISS Database: phpmyadmin-multiple-php-xss(19462)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19462
Common Vulnerability Exposure (CVE) ID: CVE-2005-0567
BugTraq ID: 12645
http://www.securityfocus.com/bid/12645
http://secunia.com/advisories/14382/
XForce ISS Database: phpmyadmin-file-include(19465)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19465

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52161
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: phpmyadmin, phpMyAdmin
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: phpmyadmin, phpMyAdmin CVE-2005-0543 Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php. CVE-2005-0567 Multiple PHP remote code injection vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0543 BugTraq ID: 12644 http://www.securityfocus.com/bid/12644 Bugtraq: 20050224 [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4 (Google Search) http://marc.info/?l=bugtraq&m=110929725801154&w=2 http://www.gentoo.org/security/en/glsa/glsa-200503-07.xml http://secunia.com/advisories/14382 XForce ISS Database: phpmyadmin-multiple-php-xss(19462) https://exchange.xforce.ibmcloud.com/vulnerabilities/19462 Common Vulnerability Exposure (CVE) ID: CVE-2005-0567 BugTraq ID: 12645 http://www.securityfocus.com/bid/12645 http://secunia.com/advisories/14382/ XForce ISS Database: phpmyadmin-file-include(19465) https://exchange.xforce.ibmcloud.com/vulnerabilities/19465
Copyright	Copyright (C) 2008 E-Soft Inc.