Revision Date: | 2014-06-23 | Version: | 20 |
Title: | DSA-2286-1 phpmyadmin -- several |
Description: | Several vulnerabilities were discovered in phpMyAdmin, a tool to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2011-2505: Possible session manipulation in Swekey authentication.
CVE-2011-2506: Possible code injection in setup script, in case session variables are compromised.
CVE-2011-2507: Regular expression quoting issue in Synchronize code.
CVE-2011-2508: Possible directory traversal in MIME-type transformation.
CVE-2011-2642: Cross site scripting in table Print view when the attacker can create crafted table names.
No CVE name yet: Possible superglobal and local variables manipulation in Swekey authentication.
The oldstable distribution is only affected by CVE-2011-2642, which has been fixed in version 2.11.8.1-5+lenny9. |
Family: | unix | Class: | patch |
Status: | ACCEPTED | Reference(s): | CVE-2011-2505, CVE-2011-2506, CVE-2011-2507, CVE-2011-2508, CVE-2011-2642, DSA-2286-1 |
Platform(s): | Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 6.0 | Product(s): | phpmyadmin |
Definition Synopsis |
Debian 6.0 is installed
AND GNU/Linux or GNU/kFreeBSD kernel
    Debian GNU/Linux is installed
    OR Debian GNU/kFreeBSD is installed
AND Installed architecture is all
AND phpmyadmin DPKG is earlier than 3.3.7-6 |