Vulnerabilities > CVE-2005-3621 - Unspecified vulnerability in PHPmyadmin
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN phpmyadmin
nessus
Summary
CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.
Vulnerable Configurations
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DSA-1207.NASL |
| description | The phpmyadmin update in DSA 1207 introduced a regression. This update corrects this flaw. For completeness, please find below the original advisory text : Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3621 CRLF injection vulnerability allows remote attackers to conduct HTTP response splitting attacks. - CVE-2005-3665 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. - CVE-2006-1678 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via scripts in the themes directory. - CVE-2006-2418 A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the db parameter of footer.inc.php. - CVE-2006-5116 A remote attacker could overwrite internal variables through the _FILES global variable. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 23656 |
| published | 2006-11-20 |
| reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/23656 |
| title | Debian DSA-1207-2 : phpmyadmin - several vulnerabilities |
References
- http://secunia.com/advisories/17578
- http://secunia.com/advisories/17578
- http://secunia.com/advisories/22781
- http://secunia.com/advisories/22781
- http://securitytracker.com/id?1015213
- http://securitytracker.com/id?1015213
- http://www.debian.org/security/2006/dsa-1207
- http://www.debian.org/security/2006/dsa-1207
- http://www.novell.com/linux/security/advisories/2005_28_sr.html
- http://www.novell.com/linux/security/advisories/2005_28_sr.html
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6