 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.57579 |
| Category: | Debian Local Security Checks |
| Title: | Debian Security Advisory DSA 1207-1 (phpmyadmin) |
| Summary: | The remote host is missing an update to phpmyadmin announced via advisory DSA 1207-1. Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3621 CRLF injection vulnerability allows remote attackers to conduct HTTP response splitting attacks. CVE-2005-3665 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. CVE-2006-1678 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via scripts in the themes directory. CVE-2006-2418 A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the db parameter of footer.inc.php. CVE-2006-5116 A remote attacker could overwrite internal variables through the _FILES global variable.;; This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-1207)' (OID: 1.3.6.1.4.1.25623.1.0.57591). |
| Description: | Summary: The remote host is missing an update to phpmyadmin announced via advisory DSA 1207-1. Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3621 CRLF injection vulnerability allows remote attackers to conduct HTTP response splitting attacks. CVE-2005-3665 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. CVE-2006-1678 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via scripts in the themes directory. CVE-2006-2418 A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the db parameter of footer.inc.php. CVE-2006-5116 A remote attacker could overwrite internal variables through the _FILES global variable. This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-1207)' (OID: 1.3.6.1.4.1.25623.1.0.57591). Solution: For the stable distribution (sarge) these problems have been fixed in version 2.6.2-3sarge2. For the upcoming stable release (etch) and unstable distribution (sid) these problems have been fixed in version 2.9.0.3-1. We recommend that you upgrade your phpmyadmin package. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2006-1678 BugTraq ID: 17390 http://www.securityfocus.com/bid/17390 Debian Security Information: DSA-1207 (Google Search) http://www.debian.org/security/2006/dsa-1207 http://www.osvdb.org/24450 http://secunia.com/advisories/19556 http://secunia.com/advisories/19897 http://secunia.com/advisories/22781 SuSE Security Announcement: SUSE-SR:2006:009 (Google Search) http://www.novell.com/linux/security/advisories/2006_04_28.html http://www.vupen.com/english/advisories/2006/1263 XForce ISS Database: phpmyadmin-themes-xss(25689) https://exchange.xforce.ibmcloud.com/vulnerabilities/25689 Common Vulnerability Exposure (CVE) ID: CVE-2006-2418 BugTraq ID: 17973 http://www.securityfocus.com/bid/17973 http://secunia.com/advisories/20113 http://secunia.com/advisories/20627 SuSE Security Announcement: SUSE-SR:2006:013 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html http://www.vupen.com/english/advisories/2006/1794 XForce ISS Database: phpmyadmin-db-xss(26441) https://exchange.xforce.ibmcloud.com/vulnerabilities/26441 Common Vulnerability Exposure (CVE) ID: CVE-2005-3621 http://securitytracker.com/id?1015213 http://secunia.com/advisories/17578 SuSE Security Announcement: SUSE-SR:2005:028 (Google Search) http://www.novell.com/linux/security/advisories/2005_28_sr.html Common Vulnerability Exposure (CVE) ID: CVE-2005-3665 BugTraq ID: 15735 http://www.securityfocus.com/bid/15735 http://www.gentoo.org/security/en/glsa/glsa-200512-03.xml http://secunia.com/advisories/17895 http://secunia.com/advisories/17957 http://secunia.com/advisories/18618 SuSE Security Announcement: SUSE-SA:2006:004 (Google Search) http://www.securityfocus.com/archive/1/423142/100/0/threaded http://www.vupen.com/english/advisories/2005/2772 Common Vulnerability Exposure (CVE) ID: CVE-2006-5116 BugTraq ID: 20253 http://www.securityfocus.com/bid/20253 Bugtraq: 20061001 Advisory 07/2006: phpMyAdmin Multiple CSRF Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/447491/100/0/threaded http://www.hardened-php.net/advisory_072006.130.html http://secunia.com/advisories/22126 http://secunia.com/advisories/23086 http://securityreason.com/securityalert/1677 SuSE Security Announcement: SUSE-SA:2006:071 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html http://attrition.org/pipermail/vim/2006-October/001067.html XForce ISS Database: phpmyadmin-multiple-csrf(29301) https://exchange.xforce.ibmcloud.com/vulnerabilities/29301 |
| Copyright | Copyright (C) 2008 E-Soft Inc. |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |