commit cabd3962433a699e54976e3ff02813ca6b9dde6c
Author: Miklos Vajna <>
Date:   Thu Jul 7 00:48:40 2011 +0200


diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index 852eb0e..11ff155 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,24 @@

+               <id>729</id>
+               <date>2011-07-07</date>
+               <author>Miklos Vajna</author>
+               <package>phpmyadmin</package>
+               <vulnerable></vulnerable>
+               <unaffected></unaffected>
+               <bts></bts>
+               <cve>
+              </cve>
+               <desc>Some vulnerabilities have been reported in phpMyAdmin, 
which can be exploited by malicious users to disclose sensitive information and 
by malicious users and malicious people to compromise a vulnerable system.
+                       1) An error within the "Swekey_login()" function in 
libraries/auth/swekey/swekey.auth.lib.php can be exploited to overwrite session 
variables and e.g. inject and execute arbitrary PHP code.
+                       2) Input passed to the "PMA_createTargetTables()" 
function in libraries/server_synchronize.lib.php is not properly sanitised 
before calling the "preg_replace()" function with the "e" modifier. This can be 
exploited to execute arbitrary PHP code via URL-encoded NULL bytes.
+                       3) Input passed to the "PMA_displayTableBody()" 
function in libraries/display_tbl.lib.php is not properly sanitised before 
being used to include files. This can be exploited to include arbitrary files 
from local resources via directory traversal sequences.
+                       NOTE: A weakness in setup scripts, which could lead to 
arbitrary PHP code injection if session variables are overwritten has also been 
+       </fsa>
+       <fsa>
<author>Miklos Vajna</author>
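
Review bot: The new entry for id 729 leaves <vulnerable>, <unaffected>, <bts> and <cve> empty, so the advisory does not tell a reader which phpmyadmin package versions are affected, which version carries the fix, or which tracker entry and CVE ids it maps to. Please fill these in, or drop the elements if the schema allows that. In the same entry, the <desc> text as shown stops at "has also been" and no </desc> appears before </fsa>, so check that the NOTE sentence is complete and the element is closed, so that security.xml still parses.
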
Frugalware-git mailing list
