Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:20283
HistoryDec 09, 2010 - 12:00 a.m.

phpMyAdmin数据库搜索跨站脚本执行漏洞

2010-12-0900:00:00
Root
www.seebug.org
45

EPSS

0.004

Percentile

73.1%

JSON

BUGTRAQ ID: 45100
CVE ID: CVE-2010-4329

phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。

phpMyAdmin由于未有效过滤用户提供的数据,所以在实现上存在跨站脚本漏洞,远程攻击者可利用此漏洞在其他访问网站的用户的浏览器中执行任意脚本代码,从而窃取基于Cookie的验证凭据,发动其他攻击。

MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 4.0
phpMyAdmin phpMyAdmin 2.11 - 3.3.6
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
厂商补丁:

MandrakeSoft

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.linux-mandrake.com/en/security/

Related

cvelist 1
openvas 11
nvd 1
phpmyadmin 1
prion 1
nessus 4
ubuntucve 1
fedora 2
debiancve 1
freebsd 1
cve 1
securityvulns 4
debian 1
osv 1
cvelist
cvelist
CVE-2010-4329
2010-12-02 16:00:00
openvas
openvas
FreeBSD Ports: phpMyAdmin
2011-01-24 00:00:00
Fedora Update for phpMyAdmin FEDORA-2010-18371
2010-12-23 00:00:00
Fedora Update for phpMyAdmin FEDORA-2010-18371
2010-12-23 00:00:00
nvd
nvd
CVE-2010-4329
2010-12-02 16:22:21
phpmyadmin
phpmyadmin
XSS attack in database search.
2010-11-29 00:00:00
prion
prion
Cross site scripting
2010-12-02 16:22:00
nessus
nessus
Fedora 14 : phpMyAdmin-3.3.8.1-1.fc14 (2010-18343)
2010-12-09 00:00:00
FreeBSD : phpMyAdmin -- XSS attack in database search (753f8185-5ba9-42a4-be02-3f55ee580093)
2010-11-30 00:00:00
Fedora 13 : phpMyAdmin-3.3.8.1-1.fc13 (2010-18371)
2010-12-09 00:00:00
ubuntucve
ubuntucve
CVE-2010-4329
2010-12-02 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: phpMyAdmin-3.3.8.1-1.fc14
2010-12-08 21:34:18
[SECURITY] Fedora 13 Update: phpMyAdmin-3.3.8.1-1.fc13
2010-12-08 21:36:02
debiancve
debiancve
CVE-2010-4329
2010-12-02 16:22:21
freebsd
freebsd
phpMyAdmin -- XSS attack in database search
2010-11-29 00:00:00
cve
cve
CVE-2010-4329
2010-12-02 16:22:21
securityvulns
securityvulns
[ MDVSA-2010:244 ] phpmyadmin
2010-12-01 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2011-01-03 00:00:00
[SECURITY] [DSA 2139-1] New phpmyadmin packages fix several vulnerabilities
2011-01-03 00:00:00
debian
debian
[SECURITY] [DSA 2139-1] New phpmyadmin packages fix several vulnerabilities
2010-12-31 15:57:29
osv
osv
phpmyadmin - several
2010-12-31 00:00:00

EPSS

0.004

Percentile

73.1%

JSON
Related for SSV:20283
cvelist1openvas11nvd1phpmyadmin1prion1nessus4ubuntucve1fedora2debiancve1freebsd1cve1securityvulns4debian1osv1