diff options
author | mnag <mnag@FreeBSD.org> | 2006-05-21 09:02:29 +0800 |
---|---|---|
committer | mnag <mnag@FreeBSD.org> | 2006-05-21 09:02:29 +0800 |
commit | 337ee36cc8857de325967b59be8ae9038e334f95 (patch) | |
tree | c9a66ce4887b72074fd4b440dde8753c880346ba /security/vuxml | |
parent | e388ba87dc7b2f92c3b8679bd291cffa11b02042 (diff) | |
download | freebsd-ports-graphics-337ee36cc8857de325967b59be8ae9038e334f95.tar.gz freebsd-ports-graphics-337ee36cc8857de325967b59be8ae9038e334f95.tar.zst freebsd-ports-graphics-337ee36cc8857de325967b59be8ae9038e334f95.zip |
phpmyadmin -- XSRF vulnerabilities
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 27639aa1c1f..feaa04cd8b6 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,36 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="2ecd02e2-e864-11da-b9f4-00123ffe8333"> + <topic>phpmyadmin -- XSRF vulnerabilities</topic> + <affects> + <package> + <name>phpMyAdmin</name> + <range><lt>2.8.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>phpMyAdmin security team reports:</p> + <blockquote cite="http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-3"> + <p>It was possible to inject arbitrary SQL commands by forcing an + authenticated user to follow a crafted link.</p> + <p>Such issue is quite common in many PHP applications and users + should take care what links they follow. We consider these + vulnerabilities to be quite dangerous.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2006-1804</cvename> + <url>http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-3</url> + <url>http://secunia.com/advisories/19659</url> + </references> + <dates> + <discovery>2006-05-20</discovery> + <entry>2006-05-21</entry> + </dates> + </vuln> <vuln vid="4645b98c-e46e-11da-9ae7-00123fcc6e5c"> <topic>vnc - authentication bypass vulnerability</topic> |