CVSS: 9.1EPSS: 0%CPEs: 31EXPL: 0CVE-2015-6830 – Debian Security Advisory 3382-1
https://notcve.org/view.php?id=CVE-2015-6830
14 Sep 2015 — libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha. Vulnerabilidad en libraries/plugins/auth/AuthenticationCookie.class.php en phpMyAdmin 4.3.x en versiones anteriores a 4.3.13.2 y 4.4.x en versiones anteriores a 4.4.14.1, permite a atacantes remotos eludir un mecanismo de pro... • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166294.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 56EXPL: 0CVE-2015-3902 – Debian Security Advisory 3382-1
https://notcve.org/view.php?id=CVE-2015-3902
26 May 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file. Múltiples vulnerabilidades de CSRF en el proceso de montaje en phpMyAdmin 4.0.x anterior a 4.0.10.10, 4.2.x anterior a 4.2.13.3, 4.3.x anterior a 4.3.13.1, y 4.4.x anterior a 4.4.6.1 permiten a atacantes ... • http://lists.opensuse.org/opensuse-updates/2015-07/msg00008.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 1%CPEs: 56EXPL: 2CVE-2015-3903 – phpMyAdmin 4.4.6 Man-In-The-Middle
https://notcve.org/view.php?id=CVE-2015-3903
14 May 2015 — libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. libraries/Config.class.php en phpMyAdmin 4.0.x anterior a 4.0.10.10, 4.2.x anterior a 4.2.13.3, 4.3.x anterior a 4.3.13.1, y 4.4.x anterior a 4.4.6.1 deshabilita la verificación de los ce... • http://cxsecurity.com/issue/WLB-2015050095 • CWE-310: Cryptographic Issues •