The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of phpMyAdmin: several Cross Site Scripting vulnerabilities

Synthesis of the vulnerability 

An attacker can use several PHP pages to inject HTML code into phpMyAdmin.
Vulnerable products: Debian, phpMyAdmin.
Severity of this weakness: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 24/04/2007.
References of this bulletin: BID-23624, CVE-2007-2245, DSA-1370-1, MDKSA-2007:199, VIGILANCE-VUL-6762.

Description of the vulnerability 

The phpMyAdmin program is used to administer a MySQL database. It has several vulnerabilities.

An attacker can perform a Cross Site Scripting attack via the PMA_sanitize() function. [severity:2/4]

An attacker can perform a Cross Site Scripting attack via the browse_foreigners.php script. [severity:2/4]

This security threat impacts software or systems such as Debian, phpMyAdmin.

Our Vigil@nce team determined that the severity of this weakness is medium.

The trust level is: confirmed by the editor, with an origin of document.

This bulletin is about 2 vulnerabilities.

An attacker with an expert ability can exploit this vulnerability.

Solutions for this threat 

phpMyAdmin: version 2.10.1.0.
Version 2.10.1.0 is corrected:
  http://www.phpmyadmin.net/

Debian: new phpmyadmin packages.
New packages are available:
Debian GNU/Linux 3.1 alias sarge
  Source archives:
    http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge5.dsc
      Size/MD5 checksum: 896 7d2144286ddad9d5a8a88af1660bf34f
    http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge5.diff.gz
      Size/MD5 checksum: 41685 71832d082f9aad134786fb51c522e5f3
    http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2.orig.tar.gz
      Size/MD5 checksum: 2654418 05e33121984824c43d94450af3edf267
  Architecture independent components:
    http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge5_all.deb
      Size/MD5 checksum: 2769794 b7f2545109e3904bb7e8eb49b09e6f7c
Debian GNU/Linux 4.0 alias etch
  Source archives:
    http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4.dsc
      Size/MD5 checksum: 1011 26baccf88fa7d3b00f4802e46d8d0053
    http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4.diff.gz
      Size/MD5 checksum: 46886 0f377a70b327c65f53ff6895856d18d6
    http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1.orig.tar.gz
      Size/MD5 checksum: 3500563 f598509b308bf96aee836eb2338f523c
  Architecture independent components:
    http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4_all.deb
      Size/MD5 checksum: 3605594 05f19efce1cb5b31a8f1161a01dbe158

Mandriva Linux Corporate 4.0: new phpMyAdmin packages.
New packages are available:
 Corporate 4.0:
 1615938a8fb39ea6af326c8c82865be9 corporate/4.0/i586/phpMyAdmin-2.11.1.2-0.1.20060mlcs4.noarch.rpm
 b85026949e4db3234873cef96d7c7aa0 corporate/4.0/SRPMS/phpMyAdmin-2.11.1.2-0.1.20060mlcs4.src.rpm
 Corporate 4.0/X86_64:
 883eca31e1d12d5d13ac860f9bec4111 corporate/4.0/x86_64/phpMyAdmin-2.11.1.2-0.1.20060mlcs4.noarch.rpm
 b85026949e4db3234873cef96d7c7aa0 corporate/4.0/SRPMS/phpMyAdmin-2.11.1.2-0.1.20060mlcs4.src.rpm
