DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 6th July 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default phpMyAdmin updates patch critical holes

From http://www.h-online.com/security/new...s-1273593.html

Quote:
The phpMyAdmin developers have released versions 3.3.10.2 and 3.4.3.1 of their database administration tool; these are security updates that fix a total of four security holes. Rated as "highly critical" by Secunia, the vulnerabilities include a session manipulation bug in Swekey authentication that could be exploited to overwrite session variables, a possible code injection hole in the setup script and a regular expression quoting problem in Synchronize code.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 6th July 2011
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

As a sidenote, phpmyadmin is one of the most "scanned" web applications according to my access_log 404 errors.
I *highly* recommend installing phpmyadmin in a directory not named phpmyadmin (or phpmyadmin-3.3.1 etc.).

In any case, Adminer does a lot better job. In particular, the UI isn't as cluttered as phpmyadmin (phpmyadmin looks like someone vomited buttons and icons, and then stirred them a bit because they looked to organized).
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Wireshark updates close security holes J65nko News 1 1st June 2011 10:15 PM
Wireshark updates close critical vulnerabilities J65nko News 0 2nd March 2011 05:32 PM
Ruby on Rails updates fix security holes J65nko News 0 10th February 2011 04:00 PM
phpMyAdmin updates close security vulnerability J65nko News 0 10th February 2011 03:58 PM
Mozilla addresses critical bugs with Firefox updates J65nko News 1 18th February 2010 05:27 PM


All times are GMT. The time now is 10:00 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick