exploits , vulnerabilities , articles , phpMyAdmin DB_Create.PHP Multiple Input Validation Vulnerabilities

Title	phpMyAdmin DB_Create.PHP Multiple Input Validation Vulnerabilities
Published	2007-11-20-12:00AM
Updated	2007-11-22-01:44PM
Class	Input Validation Error
CVE	CVE-2007-5976 E-2007-5977
Remote	Yes
Local	No
Credit	Omer Singer of The DigiTrust Group and the vendor reported these vulnerabilities.
Vulnerable	RedHat Fedora 7 0 phpMyAdmin phpMyAdmin 2.11.1 phpMyAdmin phpMyAdmin 2.9.1 phpMyAdmin phpMyAdmin 2.9 rc1 phpMyAdmin phpMyAdmin 2.9 .2 phpMyAdmin phpMyAdmin 2.9 .1 phpMyAdmin phpMyAdmin 2.9 phpMyAdmin phpMyAdmin 2.8.2 phpMyAdmin phpMyAdmin 2.8.1 phpMyAdmin phpMyAdmin 2.8 .4 phpMyAdmin phpMyAdmin 2.8 .3 phpMyAdmin phpMyAdmin 2.8 .1 phpMyAdmin phpMyAdmin 2.7 .0beta1 phpMyAdmin phpMyAdmin 2.7 pl1 phpMyAdmin phpMyAdmin 2.7 phpMyAdmin phpMyAdmin 2.6.4 rc1 phpMyAdmin phpMyAdmin 2.6.4 pl4 phpMyAdmin phpMyAdmin 2.6.4 pl3 phpMyAdmin phpMyAdmin 2.6.4 pl1 phpMyAdmin phpMyAdmin 2.6.3 pl1 phpMyAdmin phpMyAdmin 2.6.2 rc1 phpMyAdmin phpMyAdmin 2.6.2 Gentoo Linux Gentoo Linux phpMyAdmin phpMyAdmin 2.6.1 pl3 phpMyAdmin phpMyAdmin 2.6.1 pl1 phpMyAdmin phpMyAdmin 2.6.1 rc1 phpMyAdmin phpMyAdmin 2.6.1 phpMyAdmin phpMyAdmin 2.6 .0pl3 phpMyAdmin phpMyAdmin 2.6 .0pl2 Gentoo Linux 1.4 Gentoo Linux 1.4 Gentoo Linux 1.4 Gentoo Linux Gentoo Linux Gentoo Linux phpMyAdmin phpMyAdmin 2.6 .0pl1 phpMyAdmin phpMyAdmin 2.6 phpMyAdmin phpMyAdmin 2.5.7 pl1 phpMyAdmin phpMyAdmin 2.5.7 phpMyAdmin phpMyAdmin 2.5.6 rc1 phpMyAdmin phpMyAdmin 2.5.5 pl1 phpMyAdmin phpMyAdmin 2.5.5 rc2 phpMyAdmin phpMyAdmin 2.5.5 rc1 phpMyAdmin phpMyAdmin 2.5.5 phpMyAdmin phpMyAdmin 2.5.4 phpMyAdmin phpMyAdmin 2.5.3 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 9.0 phpMyAdmin phpMyAdmin 2.5.2 phpMyAdmin phpMyAdmin 2.5.1 phpMyAdmin phpMyAdmin 2.5 .0 phpMyAdmin phpMyAdmin 2.4 .0 phpMyAdmin phpMyAdmin 2.3.2 phpMyAdmin phpMyAdmin 2.3.1 phpMyAdmin phpMyAdmin 2.2.6 phpMyAdmin phpMyAdmin 2.2.5 phpMyAdmin phpMyAdmin 2.2.4 phpMyAdmin phpMyAdmin 2.2.3 phpMyAdmin phpMyAdmin 2.2.2 phpMyAdmin phpMyAdmin 2.2 rc3 phpMyAdmin phpMyAdmin 2.2 rc2 phpMyAdmin phpMyAdmin 2.2 rc1 phpMyAdmin phpMyAdmin 2.2 pre2 phpMyAdmin phpMyAdmin 2.2 pre1 phpMyAdmin phpMyAdmin 2.2 phpMyAdmin phpMyAdmin 2.1 .2 phpMyAdmin phpMyAdmin 2.1 .1 phpMyAdmin phpMyAdmin 2.1 Debian Linux 2.2 sparc Debian Linux 2.2 sparc Debian Linux 2.2 sparc Debian Linux 2.2 powerpc Debian Linux 2.2 powerpc Debian Linux 2.2 powerpc Debian Linux 2.2 arm Debian Linux 2.2 arm Debian Linux 2.2 arm Debian Linux 2.2 alpha Debian Linux 2.2 alpha Debian Linux 2.2 alpha Debian Linux 2.2 68k Debian Linux 2.2 68k Debian Linux 2.2 68k Debian Linux 2.2 Debian Linux 2.2 Debian Linux 2.2 FreeBSD FreeBSD 4.2 FreeBSD FreeBSD 4.2 FreeBSD FreeBSD 4.2 FreeBSD FreeBSD 3.5.1 FreeBSD FreeBSD 3.5.1 FreeBSD FreeBSD 3.5.1 MandrakeSoft Linux Mandrake 7.2 MandrakeSoft Linux Mandrake 7.2 MandrakeSoft Linux Mandrake 7.2 MandrakeSoft Linux Mandrake 7.1 MandrakeSoft Linux Mandrake 7.1 MandrakeSoft Linux Mandrake 7.1 MandrakeSoft Linux Mandrake 7.0 MandrakeSoft Linux Mandrake 7.0 MandrakeSoft Linux Mandrake 7.0 OpenBSD OpenBSD 2.8 OpenBSD OpenBSD 2.8 OpenBSD OpenBSD 2.8 OpenBSD OpenBSD 2.7 OpenBSD OpenBSD 2.7 OpenBSD OpenBSD 2.7 OpenBSD OpenBSD 2.6 OpenBSD OpenBSD 2.6 OpenBSD OpenBSD 2.6 RedHat Linux 7.0 RedHat Linux 7.0 RedHat Linux 7.0 RedHat Linux 6.2 RedHat Linux 6.2 RedHat Linux 6.2 S.u.S.E. Linux 7.1 S.u.S.E. Linux 7.1 S.u.S.E. Linux 7.1 S.u.S.E. Linux 7.0 S.u.S.E. Linux 7.0 S.u.S.E. Linux 7.0 S.u.S.E. Linux 6.4 S.u.S.E. Linux 6.4 S.u.S.E. Linux 6.4 Sun Solaris 7.0 _x86 Sun Solaris 7.0 _x86 Sun Solaris 7.0 _x86 Sun Solaris 7.0 Sun Solaris 7.0 Sun Solaris 7.0 Sun Solaris 2.6 _x86 Sun Solaris 2.6 _x86 Sun Solaris 2.6 _x86 Sun Solaris 2.6 Sun Solaris 2.6 Sun Solaris 2.6 Sun Solaris 8_x86 Sun Solaris 8_x86 Sun Solaris 8_x86 Sun Solaris 8 Sun Solaris 8 Sun Solaris 8 phpMyAdmin phpMyAdmin 2.0.5 phpMyAdmin phpMyAdmin 2.0.4 phpMyAdmin phpMyAdmin 2.0.3 phpMyAdmin phpMyAdmin 2.0.2 phpMyAdmin phpMyAdmin 2.0.1 phpMyAdmin phpMyAdmin 2.0 phpMyAdmin phpMyAdmin 2.9.2rc1 phpMyAdmin phpMyAdmin 2.9.1.1 phpMyAdmin phpMyAdmin 2.9.0.3 phpMyAdmin phpMyAdmin 2.11.1.2 phpMyAdmin phpMyAdmin 2.11.1.1 phpMyAdmin phpMyAdmin 2.10.0.2 phpMyAdmin phpMyAdmin 2.10.0.1 phpMyAdmin phpMyAdmin 2.10.0.1 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0
Not Vulnerable	phpMyAdmin phpMyAdmin 2.11.2.1
Code	Attackers can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, an attacker must entice a victim user to follow a malicious URI.
TXT

Vulnerabilities - newest 10 RSS | More

2009-12-17 iDevSpot iSupport Multiple Cross Site Scripting Vulnerabilities
2009-12-17 GNU Automake Insecure Directory Permissions Vulnerability
2009-12-17 Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
2009-12-17 Mozilla Firefox CVE-2009-3981 Remote Memory Corruption Vulnerability
2009-12-17 Drupal Sections Module HTML Injection Vulnerability
2009-12-17 Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
2009-12-17 Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
2009-12-17 Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
2009-12-17 Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability
2009-12-16 ZABBIX Denial Of Service and SQL Injection Vulnerabilities