CVSS: 6.1EPSS: 1%CPEs: 62EXPL: 0CVE-2016-5733 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5733
03 Jul 2016 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the ch... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 34EXPL: 0CVE-2016-5703 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5703
03 Jul 2016 — SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query. Vulnerbilidad de inyección SQL en libraries/central_columns.lib.php en phpMyAdmin 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x before 4.6.3 permite a atacantes remotos ejecutar comando SQL arbitrarios a través de un nombre de database manipulado que es... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 2%CPEs: 62EXPL: 0CVE-2016-5706 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5706
03 Jul 2016 — js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. js/get_scripts.js.php en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones anteriores a 4.6.3 permite a atacantes remotos provocar una denegación de servicio a través de una gran variedad en el parámetro de secuencias de comandos. Multiple vul... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-5702 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5702
03 Jul 2016 — phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. phpMyAdmin 4.6.x en versiones anteriores a 4.6.3, cuando el entorno carece de valor PHP_SELF, permite a atacantes remotos llevar a cabo ataques de inyección cookie-attribute a través de una URI manipulada. Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution. Versions less than 4.6.5.1... • https://github.com/phpmyadmin/phpmyadmin/commit/27caf5b46bd0890e576fea7bd7b166a0639fdf68 • CWE-254: 7PK - Security Features •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-5732 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5732
03 Jul 2016 — Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters. Múltiples vulnerabilidades de XSS en la implementación de partition-range en templates/table/structure/display_partitions.phtml en la página table-structure en phpMyAdmin 4.6.x en versiones anteriores a 4.6.3 permit... • https://github.com/phpmyadmin/phpmyadmin/commit/0815af37f483f329f0c0565d68821fea9c47b5f5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 0CVE-2016-5705 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5705
03 Jul 2016 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.4.x... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 1%CPEs: 62EXPL: 0CVE-2016-5730 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5730
03 Jul 2016 — phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message. phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y ... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 2%CPEs: 64EXPL: 0CVE-2016-2560 – Debian Security Advisory 3627-1
https://notcve.org/view.php?id=CVE-2016-2560
01 Mar 2016 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/contro... • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 13EXPL: 0CVE-2016-2559
https://notcve.org/view.php?id=CVE-2016-2559
01 Mar 2016 — Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. Vulnerabilidad de XSS en la función format en libraries/sql-parser/src/Utils/Error.php en el intérprete SQL en phpMyAdmin 4.5.x en versiones anteriores a 4.5.5.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2016-2562
https://notcve.org/view.php?id=CVE-2016-2562
01 Mar 2016 — The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate. La función checkHTTP en libraries/Config.class.php en phpMyAdmin 4.5.x en versiones anteriores a 4.5.5.1 no verifica certificados X.509 desde los servidores SSL de api.github.com, lo que permite a atacantes man-in-the-middle suplant... • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html • CWE-20: Improper Input Validation •