*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Marc Deslauriers 
(mdeslaur):

Binary package hint: phpmyadmin

CVE-2010-4329

  Cross-site scripting was possible in search, which allowed
  a remote attacker to inject arbitrary web script or HTML.

CVE-2010-4480

  Cross-site scripting was possible in errors, which allowed
  a remote attacker to inject arbitrary web script or HTML.

CVE-2010-4481

  Display of PHP's phpinfo() function was available to the world, but only
  if this functionality had been enabled (defaults to off). This may
  leak some information about the host system.

Description:    Ubuntu 10.04.1 LTS
Release:        10.04

phpmyadmin:
  Instalado: 4:3.3.2-1
  Candidato: 4:3.3.2-1
  Tabela de versão:
 *** 4:3.3.2-1 0
        500 http://br.archive.ubuntu.com/ubuntu/ lucid/universe Packages
        100 /var/lib/dpkg/status

Here is an example:

http://127.0.0.1/phpmyadmin/error.php?type=This+is+a+client+side+hole+evidence&error=Client+side+attack+via+characters+injection[br]It%27s+possible+use+some+special+tags+too[br]Found+by+Tiger+Security+Tiger+Team+-+[a%40http://www.tigersecurity.it%40_self]This%20Is%20a%20Link[%2Fa]

** Affects: phpmyadmin (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: phpmyadmin
-- 
phpmyadmin security problem
https://bugs.edge.launchpad.net/bugs/699649
You received this bug notification because you are a member of Ubuntu Bugs, 
which is a direct subscriber.

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
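
A defender's check for the request pattern shown in the report, as an added example that is not part of the original bug report or of phpMyAdmin: it scans web-server access logs for requests to error.php whose `type` or `error` parameter carries bracket tags or raw HTML. The combined log format, the sample lines and the example.test host are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Bracket-style link tag as seen in the report: [a@<url>@<target>]
LINK_TAG_RE = re.compile(r'\[a@([^\]@]+)(?:@[^\]]*)?\]', re.IGNORECASE)
# Other markup: simple bracket tags such as [br], or raw HTML brackets.
MARKUP_RE = re.compile(r'\[/?[a-z]{1,8}\]|[<>]', re.IGNORECASE)


def inspect_request(url):
    """Return a list of (param, reason) findings for one request URL."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/error.php"):
        return []
    findings = []
    # parse_qs percent-decodes values and turns '+' into spaces.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in ("type", "error"):
            continue
        for value in values:
            for target in LINK_TAG_RE.findall(value):
                findings.append((name, "link tag -> " + target))
            if MARKUP_RE.search(value):
                findings.append((name, "markup in parameter"))
    return findings


def scan_log(lines):
    """Return (line_number, findings) for each log line that is flagged."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        found = inspect_request(match.group(1)) if match else []
        if found:
            hits.append((number, found))
    return hits


# Constructed sample log lines (documentation addresses, example.test host).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2011:10:00:00 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2011:10:00:05 +0000] "GET /phpmyadmin/error.php?type=Notice&error=text[br]more+[a%40http://example.test%40_self]link[%2Fa] HTTP/1.1" 200 734',
    '192.0.2.12 - - [01/Jan/2011:10:00:09 +0000] "GET /phpmyadmin/error.php?type=Error&error=Cannot+connect HTTP/1.1" 200 401',
]

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))
```

Ordinary error messages without tags, such as the third sample line, are not flagged; link tags are reported with their target so external destinations stand out during triage.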