CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9858
https://notcve.org/view.php?id=CVE-2016-9858
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Con un valor de parámetro de solicitud manipulado es posible iniciar un ataque de denegación de servicio en la funcionalidad de búsquedas guardadas. • http://www.securityfocus.com/bid/94525 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-65 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9857
https://notcve.org/view.php?id=CVE-2016-9857
An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. XSS es posible debido a una debilidad en una expresión regular utilizada en algún procesamiento JavaScript. • http://www.securityfocus.com/bid/94530 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-64 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9865
https://notcve.org/view.php?id=CVE-2016-9865
An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Debido a un error en el análisis de cadenas serializado, fue posible eludir la protección ofrecida por la función PMA_safeUnserialize(). • http://www.securityfocus.com/bid/94531 https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-70 • CWE-254: 7PK - Security Features CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6606
https://notcve.org/view.php?id=CVE-2016-6606
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. • http://www.securityfocus.com/bid/94114 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-29 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 64EXPL: 0CVE-2016-6607
https://notcve.org/view.php?id=CVE-2016-6607
XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted log_bin directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrieron problemas de XSS en phpMyAdmin. Esto afecta a la búsqueda de Zoom (contenido de columna especialmente manipulado puede ser utilizado para desencadenar un ataque XSS); GIS editor (ciertos campos en el gráfico GIS editor no se evaden adecuadamente y puede ser utilizado para desencadenar un ataque XSS); Relation view; las siguientes transformaciones: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline y transformation wrapper; XML export; MediaWiki export; Designer; Cuando el servidor MySQL se ejecuta con una directiva log_bin especialmente manipulada; pestaña de base de datos; función de replicación; y búsqueda de base de datos. • http://www.securityfocus.com/bid/93257 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-30 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •