Several remote vulnerabilities have been discovered in phpPgAdmin, a tool to administrate PostgreSQL database over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2865 Cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML via the server parameter. CVE-2007-5728 Cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML via PHP_SELF. CVE-2008-5587 Directory traversal vulnerability allows remote attackers to read arbitrary files via _language parameter. For the stable distribution (etch), these problems have been fixed in version 4.0.1-3.1etch2. For the unstable distribution (sid), these problems have been fixed in version 4.2.1-1.1. We recommend that you upgrade your phppgadmin package.
Several remote vulnerabilities have been discovered in phpPgAdmin, a tool to administrate PostgreSQL database over the web. The Common Vulnerabilities and Exposures project identifies the following problems:
Cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML via the server parameter.
Cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML via PHP_SELF.
Directory traversal vulnerability allows remote attackers to read arbitrary files via _language parameter.
For the stable distribution (etch), these problems have been fixed in version 4.0.1-3.1etch4.
For the unstable distribution (sid), these problems have been fixed in version 4.2.1-1.1.
We recommend that you upgrade your phppgadmin package.
MD5 checksums of the listed files are available in the original advisory.