From 6e65e65e23ec39e6ac3c264364f4eddb68a46717 Mon Sep 17 00:00:00 2001 From: William Desportes Date: Sat, 11 Jan 2020 20:50:29 +0100 Subject: Update old phpMyAdmin CVE entries years: - 2003 (ignored, no CVEs found) - 2004 (4; 1 has patch links) - 2005 (9; 3 had patch links) - 2006 (9; 9 had patch links) - 2007 (8; 8 had patch links) - 2008 (10; 10 had patch links) - 2018 (5; 5 had patch links) - 2019 (5; 5 had patch links) - 2020 (1; 1 has patch links) Fixed links for: http://www.phpmyadmin.net/home_page/security/(.*).php --- data/CVE/2008.list | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) (limited to 'data/CVE/2008.list') diff --git a/data/CVE/2008.list b/data/CVE/2008.list index 612361a8c0..620a88c5ce 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list @@ -3732,6 +3732,9 @@ CVE-2008-5622 CVE-2008-5621 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x b ...) {DSA-1723-1} - phpmyadmin 4:2.11.8.1-5 + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-10/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0d4adbfc1996c7d715b0ac9fa39a2ac14d8b28ad (2.11 branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/01685c90aaba943511de0496e7ecb7fe49fa765b CVE-2008-5584 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 ...) NOT-FOR-US: ProjectPier CVE-2008-5583 (Cross-site request forgery (CSRF) vulnerability in index.php in Projec ...) 
@@ -5875,7 +5878,10 @@ CVE-2008-XXXX [balazar3: insecure temp file handling] CVE-2008-4775 (Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin ...) - phpmyadmin 4:2.11.8.1-4 (low) [etch] - phpmyadmin (Vulnerable code not present) - NOTE: http://www.securityfocus.com/archive/1/497815 + NOTE: https://www.securityfocus.com/archive/1/497815 + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-9/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/625e9f2e93671f9e4a9086b8d6c8111f70ffcc3d (2.11 branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/600a2ca21bc8b40742fd0a919a6b06a477548647 CVE-2008-4739 (Directory traversal vulnerability in index.php in PlugSpace 0.1, when ...) NOT-FOR-US: PlugSpace CVE-2008-4738 (SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remo ...) @@ -6869,6 +6875,9 @@ CVE-2008-4327 (gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly CVE-2008-4326 (The PMA_escapeJsString function in libraries/js_escape.lib.php in phpM ...) {DSA-1675-1} - phpmyadmin 4:2.11.8.1-3 + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-8/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/44f9f2f8b7475c2d48c529d9bfd0ff473cd328b1 (2.11 branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0d219abdcd55c11f7f629a58a2279f0839bd2acc CVE-2008-4325 (lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the H ...) - viewvc 1.0.9-1 (bug #500779; unimportant) CVE-2008-4324 (The user interface event dispatcher in Mozilla Firefox 3.0.3 on Window ...) 
@@ -7620,6 +7629,9 @@ CVE-2008-4099 (PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does no CVE-2008-4096 (libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 all ...) {DSA-1641-1} - phpmyadmin 4:2.11.8.1-2 (medium) + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-7/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f8d65ec564ada5c839be8f3f07f483cd82ce6a11 (2.11 branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/64623fe9dbccff3f1ad9a54f844f91cefd07569c CVE-2008-XXXX [unsafe use of tempfile in ssmclient] - smsclient (unimportant; bug #498901) NOTE: script is not in use and only a suggestion for users @@ -9080,6 +9092,9 @@ CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdm {DSA-1641-1} - phpmyadmin 4:2.11.8~rc1-1 NOTE: if an attacker can write arbitrary content to config/config.php you have way more problems than this XSS + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-6/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6a5e53c31bcbcadcb5d16cffaa3b9af181b26296 (2.11 branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0bfb27fb0538f43e9c49b6a183b767c2bed1524d CVE-2008-3455 (PHP remote file inclusion vulnerability in include/admin.php in JnSHos ...) NOT-FOR-US: JnSHosts PHP Hosting Directory CVE-2008-3454 (JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass a ...) 
@@ -9693,6 +9708,9 @@ CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin bef - phpmyadmin 4:2.11.7.1-1 (low) NOTE: this only allows via csrf to create an empty database. NOTE: this would take a lot of work to get it only to the 'annoying' level, let alone a DoS + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-5/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/13fbcf4107476dc2d53a8dde707667172f807641 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/084fd3ed16290339ee98a14d067932f638974044 (useless?) CVE-2008-3186 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog ( ...) NOT-FOR-US: Chipmunk Blog CVE-2008-3185 (SQL injection vulnerability in index.php in Relative Real Estate Syste ...) @@ -10686,6 +10704,8 @@ CVE-2008-2787 (Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan CVE-2008-2960 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, ...) - phpmyadmin 4:2.11.7~rc2-1 (unimportant) NOTE: We haven't supported installations with register_globals enabled since a long time + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-4/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/aa2076eedc7e3664b09681d6fe9dd019eca98647 CVE-2008-2827 (The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly ...) {DTSA-142-1} - perl 5.10.0-11 (bug #487319; medium) 
@@ -12680,8 +12700,8 @@ CVE-2008-1925 (Buffer overflow in InspIRCd before 1.1.18, when using the namesx CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running ...) {DSA-1557-1} - phpmyadmin 4:2.11.5.2-1 - NOTE: PMASA-2008-3 - NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_9/phpMyAdmin/libraries/tbl_replace_fields.inc.php?r1=11211&r2=11210&pathrev=11211 + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-3/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79fe2890d28076d9406f7032198109ecd22866a6 CVE-2008-1914 (Stack-based buffer overflow in the AntServer module (AntServer.exe) in ...) NOT-FOR-US: BigAnt Messenger CVE-2008-1913 (SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, ...) @@ -13560,7 +13580,8 @@ CVE-2008-1568 (comix 3.6.4 allows attackers to execute arbitrary commands via a CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) passw ...) {DSA-1557-1} - phpmyadmin 2.11.5.1 - NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2 + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-2/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/533bb88e32aafc17e754e5ea5e26e9b02b306993 NOTE: It is a workaround for the limited security that PHP has for NOTE: session files on a shared host. This limitation is documented with NOTE: PHP, warned against and not a specific vulnerability in phpMyAdmin. 
@@ -14510,7 +14531,9 @@ CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parame - phpmyadmin 4:2.11.5-1 (low) [etch] - phpmyadmin (Minor issue) [sarge] - phpmyadmin (Vulnerable code not present) - NOTE: PMASA-2008-1. SQL injection if you can set local cookies, which means + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-1/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c57b39bed91f06d574a95d8a5a091e5e59492d69 + NOTE: SQL injection if you can set local cookies, which means NOTE: you must be able to create pages in the same cookie domain, which seems NOTE: rare and unwise. low priority. CVE-2008-1148 (A certain pseudo-random number generator (PRNG) algorithm that uses AD ...) -- cgit v1.2.3
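Review bot: In the CVE-2008-5621 hunk the first commit link is labelled "(2.11 branch)" but the second (01685c90aaba...) carries no label, so a reader cannot tell which branch it landed on without opening it. Please annotate the second link with its branch as well. The same applies to the unlabelled second commit in the CVE-2008-4775, CVE-2008-4326, CVE-2008-4096 and CVE-2008-3457 hunks.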
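Review bot: The second commit added under CVE-2008-3197 is annotated "(useless?)", which leaves an open question in the tracker data. Either confirm that 084fd3ed1629... is part of the CSRF fix and say what it contributes, or drop the line. Neither commit in this hunk has a branch label, unlike the other 2008 entries in this patch.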
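Review bot: The CVE-2008-1924 hunk drops the SourceForge viewvc NOTE, which recorded the branch (QA_2_9), the file (libraries/tbl_replace_fields.inc.php) and the revision (r11211), and the replacement GitHub link 79fe2890d280... has no branch annotation. Please state which branch the new commit belongs to, and consider keeping the file name or revision in a NOTE so the location of the fix stays recorded in the entry.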
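Review bot: The link removed in the CVE-2008-1567 hunk is "home_page/security.php?issue=PMASA-2008-2", which does not match the pattern the commit message says was fixed, "home_page/security/(.*).php". Please mention the query-string form in the commit message too, so the remaining old-style links can be found with one search.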