Welcome to the JaguarPC Community

This is a discussion on !!!IMPORTANT!!! phpMyAdmin Version 2.6.4 patch level 2 released [October 11th, 2005] in the Open Discussion & Chit-chat forum

  1. #1
    Vin DSL (Join Date: Mar 2003; Location: Arizona Uplands; Posts: 10,775)

    !!!IMPORTANT!!! phpMyAdmin Version 2.6.4 patch level 3 released [October 22nd, 2005]

    Due to a serious vulnerability we came up with the new patch level. See the PMASA-2005-4 here.

    Summary: Local file inclusion vulnerability

    Description: In libraries/grab_globals.lib.php, the $__redirect parameter was not correctly validated, opening the door to a local file inclusion attack.

    Severity: We consider this vulnerability to be serious. However, it can be exploited only on systems not running in PHP safe mode (unless a deliberate hole was opened by including in open_basedir some paths containing sensitive data).

    Affected versions: phpMyAdmin versions 2.6.4 and 2.6.4-pl1.

    Solution: Upgrade to phpMyAdmin 2.6.4-pl2 or newer.

    See the feature list.
    Last edited by Vin DSL; 10-23-2005 at 10:33 PM.
    DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.

    No Guts, No Story! VinDSL © 2010
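
The advisory quoted in post #1 blames a request parameter that reached a file include without being validated. One way to validate such a parameter is sketched below as an added example; it is not phpMyAdmin's code or its actual patch, and the function name, allowlist entries and sample inputs are hypothetical.

```php
<?php
// Added example with hypothetical names; not phpMyAdmin source or its patch.

// Scripts the application may hand control to (constructed list).
const REDIRECT_ALLOWLIST = ['sql.php', 'export.php', 'import.php'];

/**
 * Map a request-supplied script name to a file that may be included.
 * Returns the absolute path, or null when the value must be rejected.
 */
function resolve_redirect($requested, string $baseDir): ?string
{
    // Arrays and other non-strings from the request are rejected outright.
    if (!is_string($requested)) {
        return null;
    }
    // Exact, case-sensitive match against known names: traversal sequences,
    // absolute paths, NUL bytes and stream wrappers cannot pass this test.
    if (!in_array($requested, REDIRECT_ALLOWLIST, true)) {
        return null;
    }
    // Defence in depth: the resolved file must exist inside $baseDir, which
    // also catches a symlink planted under an allowlisted name.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: a throwaway directory and sample request values.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'redirect_demo_' . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'sql.php', "<?php // stub\n");

$samples = ['sql.php', 'export.php', '../../etc/passwd', 'SQL.php', ['sql.php'], "sql.php\0.txt"];
foreach ($samples as $s) {
    $path = resolve_redirect($s, $base);
    $verdict = $path === null ? 'rejected' : 'include ' . basename($path);
    printf("%-24s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES), $verdict);
}

unlink($base . DIRECTORY_SEPARATOR . 'sql.php');
rmdir($base);
```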

  2. #2
    Julian Muñoz (Join Date: Oct 2002; Location: Colombia; Posts: 1,399)
    Thanks for the heads-up... I hope it's fixed soon on the Debian packages.
    Julian D. Muñoz - LANeros.com

  3. #3
    Vin DSL (Join Date: Mar 2003; Location: Arizona Uplands; Posts: 10,775)
    phpMyAdmin is a great proggie, but it can be very dangerous in the hands of evil-minded hackers. It's best to keep up with the latest updates!

  4. #4
    Vin DSL (Join Date: Mar 2003; Location: Arizona Uplands; Posts: 10,775)
    And, again...
    Posted By: lem9
    Date: 2005-10-22 05:57
    Summary: phpMyAdmin 2.6.4-pl3 is released

    This is patch level 3 for phpMyAdmin 2.6.4, fixing security problems; see the upcoming alert PMASA-2005-5 on http://www.phpmyadmin.net/home_page/security.php
