CVSS: 7.5EPSS: 2%CPEs: 62EXPL: 0CVE-2016-5706 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5706
03 Jul 2016 — js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. js/get_scripts.js.php en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones anteriores a 4.6.3 permite a atacantes remotos provocar una denegación de servicio a través de una gran variedad en el parámetro de secuencias de comandos. Multiple vul... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 1%CPEs: 62EXPL: 0CVE-2016-5730 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5730
03 Jul 2016 — phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message. phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y ... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 62EXPL: 0CVE-2016-5731 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5731
03 Jul 2016 — Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. Vulnerabilidad de XSS en examples/openid.php en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones anteriores a 4.6.3 permiten a atacantes remotos inyectar comandos de secuencias web o HTML... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-5732 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5732
03 Jul 2016 — Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters. Múltiples vulnerabilidades de XSS en la implementación de partition-range en templates/table/structure/display_partitions.phtml en la página table-structure en phpMyAdmin 4.6.x en versiones anteriores a 4.6.3 permit... • https://github.com/phpmyadmin/phpmyadmin/commit/0815af37f483f329f0c0565d68821fea9c47b5f5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 62EXPL: 0CVE-2016-5733 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5733
03 Jul 2016 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the ch... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 77%CPEs: 59EXPL: 5CVE-2016-5734 – phpMyAdmin 4.6.2 - (Authenticated) Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-5734
03 Jul 2016 — phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation. phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones anteriores a 4.6.3 no elige correctamente delimitadores para prevenir ... • https://packetstorm.news/files/id/148222 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 62EXPL: 0CVE-2016-5739 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5739
03 Jul 2016 — The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. La implementación de Transformation en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones an... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 13EXPL: 0CVE-2016-2559
https://notcve.org/view.php?id=CVE-2016-2559
01 Mar 2016 — Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. Vulnerabilidad de XSS en la función format en libraries/sql-parser/src/Utils/Error.php en el intérprete SQL en phpMyAdmin 4.5.x en versiones anteriores a 4.5.5.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 64EXPL: 0CVE-2016-2560 – Debian Security Advisory 3627-1
https://notcve.org/view.php?id=CVE-2016-2560
01 Mar 2016 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/contro... • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 37EXPL: 0CVE-2016-2561 – Debian Security Advisory 3627-1
https://notcve.org/view.php?id=CVE-2016-2561
01 Mar 2016 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.4.x en versiones ante... • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •