exploits , vulnerabilities , articles , phpMyAdmin DB_Create.PHP Multiple Input Validation Vulnerabilities

Title	phpMyAdmin DB_Create.PHP Multiple Input Validation Vulnerabilities
Published	2007-11-20-12:00AM
Updated	2007-11-22-01:44PM
Class	Input Validation Error
CVE	CVE-2007-5976 E-2007-5977
Remote	Yes
Local	No
Credit	Omer Singer of The DigiTrust Group and the vendor reported these vulnerabilities.
Vulnerable	RedHat Fedora 7 0 phpMyAdmin phpMyAdmin 2.11.1 phpMyAdmin phpMyAdmin 2.9.1 phpMyAdmin phpMyAdmin 2.9 rc1 phpMyAdmin phpMyAdmin 2.9 .2 phpMyAdmin phpMyAdmin 2.9 .1 phpMyAdmin phpMyAdmin 2.9 phpMyAdmin phpMyAdmin 2.8.2 phpMyAdmin phpMyAdmin 2.8.1 phpMyAdmin phpMyAdmin 2.8 .4 phpMyAdmin phpMyAdmin 2.8 .3 phpMyAdmin phpMyAdmin 2.8 .1 phpMyAdmin phpMyAdmin 2.7 .0beta1 phpMyAdmin phpMyAdmin 2.7 pl1 phpMyAdmin phpMyAdmin 2.7 phpMyAdmin phpMyAdmin 2.6.4 rc1 phpMyAdmin phpMyAdmin 2.6.4 pl4 phpMyAdmin phpMyAdmin 2.6.4 pl3 phpMyAdmin phpMyAdmin 2.6.4 pl1 phpMyAdmin phpMyAdmin 2.6.3 pl1 phpMyAdmin phpMyAdmin 2.6.2 rc1 phpMyAdmin phpMyAdmin 2.6.2 Gentoo Linux Gentoo Linux phpMyAdmin phpMyAdmin 2.6.1 pl3 phpMyAdmin phpMyAdmin 2.6.1 pl1 phpMyAdmin phpMyAdmin 2.6.1 rc1 phpMyAdmin phpMyAdmin 2.6.1 phpMyAdmin phpMyAdmin 2.6 .0pl3 phpMyAdmin phpMyAdmin 2.6 .0pl2 Gentoo Linux 1.4 Gentoo Linux 1.4 Gentoo Linux 1.4 Gentoo Linux Gentoo Linux Gentoo Linux phpMyAdmin phpMyAdmin 2.6 .0pl1 phpMyAdmin phpMyAdmin 2.6 phpMyAdmin phpMyAdmin 2.5.7 pl1 phpMyAdmin phpMyAdmin 2.5.7 phpMyAdmin phpMyAdmin 2.5.6 rc1 phpMyAdmin phpMyAdmin 2.5.5 pl1 phpMyAdmin phpMyAdmin 2.5.5 rc2 phpMyAdmin phpMyAdmin 2.5.5 rc1 phpMyAdmin phpMyAdmin 2.5.5 phpMyAdmin phpMyAdmin 2.5.4 phpMyAdmin phpMyAdmin 2.5.3 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 9.0 phpMyAdmin phpMyAdmin 2.5.2 phpMyAdmin phpMyAdmin 2.5.1 phpMyAdmin phpMyAdmin 2.5 .0 phpMyAdmin phpMyAdmin 2.4 .0 phpMyAdmin phpMyAdmin 2.3.2 phpMyAdmin phpMyAdmin 2.3.1 phpMyAdmin phpMyAdmin 2.2.6 phpMyAdmin phpMyAdmin 2.2.5 phpMyAdmin phpMyAdmin 2.2.4 phpMyAdmin phpMyAdmin 2.2.3 phpMyAdmin phpMyAdmin 2.2.2 phpMyAdmin phpMyAdmin 2.2 rc3 phpMyAdmin phpMyAdmin 2.2 rc2 phpMyAdmin phpMyAdmin 2.2 rc1 phpMyAdmin phpMyAdmin 2.2 pre2 phpMyAdmin phpMyAdmin 2.2 pre1 phpMyAdmin phpMyAdmin 2.2 phpMyAdmin phpMyAdmin 2.1 .2 phpMyAdmin phpMyAdmin 2.1 .1 phpMyAdmin phpMyAdmin 2.1 Debian Linux 2.2 sparc Debian Linux 2.2 sparc Debian Linux 2.2 sparc Debian Linux 2.2 powerpc Debian Linux 2.2 powerpc Debian Linux 2.2 powerpc Debian Linux 2.2 arm Debian Linux 2.2 arm Debian Linux 2.2 arm Debian Linux 2.2 alpha Debian Linux 2.2 alpha Debian Linux 2.2 alpha Debian Linux 2.2 68k Debian Linux 2.2 68k Debian Linux 2.2 68k Debian Linux 2.2 Debian Linux 2.2 Debian Linux 2.2 FreeBSD FreeBSD 4.2 FreeBSD FreeBSD 4.2 FreeBSD FreeBSD 4.2 FreeBSD FreeBSD 3.5.1 FreeBSD FreeBSD 3.5.1 FreeBSD FreeBSD 3.5.1 MandrakeSoft Linux Mandrake 7.2 MandrakeSoft Linux Mandrake 7.2 MandrakeSoft Linux Mandrake 7.2 MandrakeSoft Linux Mandrake 7.1 MandrakeSoft Linux Mandrake 7.1 MandrakeSoft Linux Mandrake 7.1 MandrakeSoft Linux Mandrake 7.0 MandrakeSoft Linux Mandrake 7.0 MandrakeSoft Linux Mandrake 7.0 OpenBSD OpenBSD 2.8 OpenBSD OpenBSD 2.8 OpenBSD OpenBSD 2.8 OpenBSD OpenBSD 2.7 OpenBSD OpenBSD 2.7 OpenBSD OpenBSD 2.7 OpenBSD OpenBSD 2.6 OpenBSD OpenBSD 2.6 OpenBSD OpenBSD 2.6 RedHat Linux 7.0 RedHat Linux 7.0 RedHat Linux 7.0 RedHat Linux 6.2 RedHat Linux 6.2 RedHat Linux 6.2 S.u.S.E. Linux 7.1 S.u.S.E. Linux 7.1 S.u.S.E. Linux 7.1 S.u.S.E. Linux 7.0 S.u.S.E. Linux 7.0 S.u.S.E. Linux 7.0 S.u.S.E. Linux 6.4 S.u.S.E. Linux 6.4 S.u.S.E. Linux 6.4 Sun Solaris 7.0 _x86 Sun Solaris 7.0 _x86 Sun Solaris 7.0 _x86 Sun Solaris 7.0 Sun Solaris 7.0 Sun Solaris 7.0 Sun Solaris 2.6 _x86 Sun Solaris 2.6 _x86 Sun Solaris 2.6 _x86 Sun Solaris 2.6 Sun Solaris 2.6 Sun Solaris 2.6 Sun Solaris 8_x86 Sun Solaris 8_x86 Sun Solaris 8_x86 Sun Solaris 8 Sun Solaris 8 Sun Solaris 8 phpMyAdmin phpMyAdmin 2.0.5 phpMyAdmin phpMyAdmin 2.0.4 phpMyAdmin phpMyAdmin 2.0.3 phpMyAdmin phpMyAdmin 2.0.2 phpMyAdmin phpMyAdmin 2.0.1 phpMyAdmin phpMyAdmin 2.0 phpMyAdmin phpMyAdmin 2.9.2rc1 phpMyAdmin phpMyAdmin 2.9.1.1 phpMyAdmin phpMyAdmin 2.9.0.3 phpMyAdmin phpMyAdmin 2.11.1.2 phpMyAdmin phpMyAdmin 2.11.1.1 phpMyAdmin phpMyAdmin 2.10.0.2 phpMyAdmin phpMyAdmin 2.10.0.1 phpMyAdmin phpMyAdmin 2.10.0.1 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0
Not Vulnerable	phpMyAdmin phpMyAdmin 2.11.2.1
Code	Attackers can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, an attacker must entice a victim user to follow a malicious URI.
TXT

Vulnerabilities - newest 10 RSS | More

2009-12-17 Zen Cart Insecure File and Programs Information Disclosure and Database Deletion Vulnerability
2009-12-17 Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
2009-12-17 Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities
2009-12-17 HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
2009-12-17 IBM WebSphere Application Server Feature Pack for CEA Spoofing Vulnerability
2009-12-17 Digital Scribe Cross Site Scripting and SQL Injection Vulnerabilities
2009-12-17 WP-Forum WordPress Plugin Multiple SQL Injection Vulnerabilities
2009-12-17 Quick Heal AntiVirus Insecure Program File Permissions Local Privilege Escalation Vulnerability
2009-12-17 IntelliCom NetBiter webSCADA Multiple Default Password Security Bypass Vulnerabilities
2009-12-17 Webmatic Multiple Unspecified SQL Injection and Cross-Site Scripting Vulnerabilities