phpMyAdmin "convcharset" cross-site scripting - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

phpMyAdmin "convcharset" cross-site scripting

Secunia Advisory:	SA27748
Udsendt:	2007-11-21
Sidste Opdt.:	2007-11-28

Kritisk:	Mindre kritisk
Betydning:	Cross Site Scripting
Hvor:	Fra Internet
Løsning Status:	Producent Patch

Software:	phpMyAdmin 2.x

CVE reference:	CVE-2007-6100 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Beskrivelse: Tim Brown har fundet en sårbarhed i phpMyAdmin, som kan udnyttes af ondsindede personer til at udføre cross-site scriptingangreb. Input suppleret til parameteren "convcharset" i index.php (når "auth_type" i konfigurationen er sat til "cookie") filtreres ikke korrekt, før det returneres til brugere. Dette kan udnyttes til at eksekvere vilkårlig HTML og scriptkode i en brugers browser-session associeret med et sårbart site. Sårbarhedne er bekræftet i version 2.11.2.1, men tidligere versioner kan også være berørte. Løsning: Opdatér til version 2.11.2.2. Rapporteret af / Kredit: Tim Brown, Nth Dimension. Forløb: 28-11-2007: Tilføjede CVE-reference. Original Advisory: PMASA-2007-8: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-8 Tim Brown: http://www.nth-dimension.org.uk/pub/NDSA20071119.txt.asc



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

29 Relaterede Secunia Advisories, displaying 10

1. phpMyAdmin SQL-indsættelse og script-indsættelse

2. phpMyAdmin "server_status.php" cross-site scripting

3. phpMyAdmin setup.php cross-site scripting

4. phpMyAdmin cross-site scripting

5. phpMyAdmin cross-site scripting og HTTP-besvarelsesopdeling

6. phpMyAdmin script-indsættelse og omgåelse af IP-adressekontrol

7. phpMyAdmin UTF-7 cross-site scripting

8. phpMyAdmin CSRF-sårbarheder

9. phpMyAdmin "table" parameter cross-site scripting

10. phpMyAdmin "theme" og "db" cross-site scripting

Vis alle relaterede advisories

Send Feedback to Secunia

Hvis du har ny information angående dette Secunia advisory eller et produkt i vores database, så send det venligst til os. Du kan sende det til os enten ved at bruge vores web formular eller ved at sende det til vuln@secunia.com. Ideer, foreslag og andet feedback er også meget velkommen.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	phpJobScheduler "installed_conf ig_file" File Inclusion Vulnerabilities

2.	Novell eDirectory Multiple Vulnerabilities

3.	phpMyRealty "price_max" SQL Injection Vulnerability

4.	HP TCP/IP Services for OpenVMS Finger Format String Vulnerability

5.	IBM WebSphere Application Server for z/OS HTTP Server mod_proxy_ftp Vulnerability

6.	Sun Solaris Kernel Covert Channel Security Bypass

7.	dotProject SQL Injection and Cross-Site Scripting

8.	Blogn Cross-Site Scripting and Cross-Site Request Forgery

9.	Novell Forum TCL Command Injection Vulnerability

10.	Adium MSN SLP Message Integer Overflow Vulnerabilities