CVE-2016-6628
https://notcve.org/view.php?id=CVE-2016-6628
An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un atacante puede ser capaz de activar a un usuario para descargar un archivo SVG malicioso especialmente manipulado. • http://www.securityfocus.com/bid/92492 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-51 • CWE-254: 7PK - Security Features •
CVE-2016-9860
https://notcve.org/view.php?id=CVE-2016-9860
An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Un usuario no autenticado puede ejecutar un ataque de denegación de servicio cuando phpMyAdmin se ejecuta con $cfg['AllowArbitraryServer']=true. • http://www.securityfocus.com/bid/94525 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-65 • CWE-20: Improper Input Validation •
CVE-2016-9856
https://notcve.org/view.php?id=CVE-2016-9856
An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema XSS en phpMyAdmin debido a una corrección incorrecta para la CVE-2016-2559 en PMASA-2016-10. Este problema se resuelve utilizando una copia de un hash para evitar una condición de carrera. • http://www.securityfocus.com/bid/94530 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-64 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-9848
https://notcve.org/view.php?id=CVE-2016-9848
An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. phpinfo (phpinfo.php) muestra información PHP incluyendo valores de cookies HttpOnly. Todas las versiones 4.6.x (anteriores a 4.6.5), versiones 4.4.x (anteriores a 4.4.15.9) y versiones 4.0.x (anteriores a 4.0.10.18) están afectadas. • http://www.securityfocus.com/bid/94523 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-59 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-9858
https://notcve.org/view.php?id=CVE-2016-9858
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Con un valor de parámetro de solicitud manipulado es posible iniciar un ataque de denegación de servicio en la funcionalidad de búsquedas guardadas. • http://www.securityfocus.com/bid/94525 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-65 • CWE-20: Improper Input Validation •