Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:9214
HistoryJul 19, 2005 - 12:00 a.m.

[SECURITY] [DSA 759-1] New phppgadmin packages fix directory traversal vulnerability

2005-07-1900:00:00
vulners.com
9
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA 759-1 [email protected]
http://www.debian.org/security/ Martin Schulze
July 18th, 2005 http://www.debian.org/security/faq

Package : phppgadmin
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-2256
BugTraq ID : 14142

A vulnerability has been discovered in phppgadmin, a set of PHP
scripts to administrate PostgreSQL over the WWW, that can lead to
disclose sensitive information. Successful exploitation requires that
"magic_quotes_gpc" is disabled.

the old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 3.5.2-5.

For the unstable distribution (sid) this problem has been fixed in
version 3.5.4.

We recommend that you upgrade your phppgadmin package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_3.5.2-5.dsc
  Size/MD5 checksum:      584 46f4509ee768781e441286d125afe0f5
http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_3.5.2-5.diff.gz
  Size/MD5 checksum:    10063 8f1d0323ae84979c21a409334c6e70db
http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_3.5.2.orig.tar.gz
  Size/MD5 checksum:   612995 9978c0a723a9e4572f2264478c0ba193

Architecture independent components:

http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_3.5.2-5_all.deb
  Size/MD5 checksum:   601022 b9e4117adf7ef565e6884fbde4daaf9f

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC24QQW5ql+IAeqTIRAuNeAJ9gsmWwsgBINoKXojvNE3wH54IWJACgi/FK
A0LZceCQa5vcLWI8fHuR+OA=
=I1x/
-----END PGP SIGNATURE-----

Related

nessus 3
openvas 2
cve 1
debiancve 1
ubuntucve 1
freebsd 1
debian 2
nessus
nessus
FreeBSD : phppgadmin -- 'formLanguage' local file inclusion vulnerability (88188a8c-eff6-11d9-8310-0001020eed82)
2005-08-01 00:00:00
Debian DSA-759-1 : phppgadmin - missing input sanitising
2005-07-18 00:00:00
phpPgAdmin index.php formLanguage Parameter Local File Inclusion
2005-07-07 00:00:00
openvas
openvas
FreeBSD Ports: phppgadmin
2008-09-04 00:00:00
Debian Security Advisory DSA 759-1 (phppgadmin)
2008-01-17 00:00:00
cve
cve
CVE-2005-2256
2005-07-13 04:00:00
debiancve
debiancve
CVE-2005-2256
2005-07-13 04:00:00
ubuntucve
ubuntucve
CVE-2005-2256
2005-07-13 00:00:00
freebsd
freebsd
phppgadmin -- "formLanguage" local file inclusion vulnerability
2005-07-05 00:00:00
debian
debian
[SECURITY] [DSA 759-1] New phppgadmin packages fix directory traversal vulnerability
2005-07-18 10:27:29
[SECURITY] [DSA 759-1] New phppgadmin packages fix directory traversal vulnerability
2005-07-18 10:27:29
JSON
Related for SECURITYVULNS:DOC:9214
nessus3openvas2cve1debiancve1ubuntucve1freebsd1debian2