From: Asher Glynn (asherSECUREREALITY.COM.AU)
Date: Mon Apr 23 2001 - 09:15:00 CDT
Secure Reality Pty Ltd. Security Pre-Advisory #1 (SRPRE00001)
Remote command execution vulnerabilities in phpMyAdmin and phpPgAdmin
This is a pre-release. This vulnerability will be discussed in detail during
Shaun Clowes' speech at the Black Hat briefings in Asia in the week of the
23rd of April. A full advisory will be issued following the conference.
All prior versions are almost certainly vulnerable but not tested
Remote command execution by unauthenticated remote users
The authors have not yet been able to correct the issues in mainstream
versions. SecureReality is providing patches for the problems; no liability
for the performance or effectiveness of these patches is accepted.
Users of earlier versions are advised to upgrade to the versions specified,
then apply the patches.
To apply the patches:
- cd to the directory in which the application files are stored (e.g
- run 'patch -p0 < *Path to patch filename*'
[Disclaimer] Advice, directions and instructions on security
vulnerabilities in this advisory do not constitute: an endorsement of
illegal behavior; a guarantee that protection measures will work; an
endorsement of any product or solution or recommendations on behalf of
Secure Reality Pty Ltd. Content is provided as is and Secure Reality
Pty Ltd does not accept responsibility for any damage or injury caused
as a result of its use.