CVSS: 5.9EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6622
https://notcve.org/view.php?id=CVE-2016-6622
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario no autenticado es capaz de ejecutar un ataque de denegación de servicio (DoS) forzando las conexiones persistentes cuando phpMyAdmin se está ejecutando con cfg['AllowArbitraryServer']=true. • http://www.securityfocus.com/bid/95049 https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-45 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9861
https://notcve.org/view.php?id=CVE-2016-9861
An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Debido a la limitación en la coincidencia de URL, fue posible eludir la protección de lista blanca URL. • http://www.securityfocus.com/bid/94535 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-66 • CWE-254: 7PK - Security Features •
CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9847
https://notcve.org/view.php?id=CVE-2016-9847
An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. • http://www.securityfocus.com/bid/94524 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-58 • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6612
https://notcve.org/view.php?id=CVE-2016-6612
An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario puede explotar la funcionalidad LOAD LOCAL INFILE para exponer los archivos del servidor al sistema de base de datos. • http://www.securityfocus.com/bid/94113 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-35 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.8EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6626
https://notcve.org/view.php?id=CVE-2016-6626
An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un atacante podría redirigir a un usuario a una página web maliciosa. • http://www.securityfocus.com/bid/92490 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-49 • CWE-254: 7PK - Security Features •