Test ID: 1.3.6.1.4.1.25623.1.0.68730
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2011:000 (phpmyadmin)
Summary: NOSUMMARY
Description:
The remote host is missing an update to phpmyadmin
announced via advisory MDVSA-2011:000.

Multiple vulnerabilities have been found and corrected in phpmyadmin:

error.php in PhpMyAdmin 3.3.8.1 and earlier allows remote attackers
to conduct cross-site scripting (XSS) attacks via a crafted BBcode
tag containing @ characters, as demonstrated using [a@url@page]
(CVE-2010-4480).

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass
authentication and obtain sensitive information via a direct request
to phpinfo.php, which calls the phpinfo function (CVE-2010-4481).

This upgrade provides the latest phpmyadmin version for MES5 (3.3.9)
and patches the version for CS4 to address these vulnerabilities.

Affected: Corporate 4.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:000
http://www.phpmyadmin.net/home_page/security/PMASA-2010-9.php
http://www.phpmyadmin.net/home_page/security/PMASA-2010-10.php

Risk factor : Medium

CVSS Score:
5.0

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-4480
BugTraq ID: 45633
http://www.securityfocus.com/bid/45633
Debian Security Information: DSA-2139
http://www.debian.org/security/2010/dsa-2139
http://www.exploit-db.com/exploits/15699
http://www.mandriva.com/security/advisories?name=MDVSA-2011:000
http://secunia.com/advisories/42485
http://secunia.com/advisories/42725
http://www.vupen.com/english/advisories/2010/3133
http://www.vupen.com/english/advisories/2011/0001
http://www.vupen.com/english/advisories/2011/0027
Common Vulnerability Exposure (CVE) ID: CVE-2010-4481
http://www.vupen.com/english/advisories/2010/3238
Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.