
CVSS: 7.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected. • http://www.securityfocus.com/bid/94528 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-67 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.9 | EPSS: 0% | CPEs: 60 | EXPL: 0

An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. • http://www.securityfocus.com/bid/92497 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-55 • CWE-399: Resource Management Errors

CVSS: 5.9 | EPSS: 0% | CPEs: 63 | EXPL: 0

An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. • http://www.securityfocus.com/bid/94525 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-65 • CWE-20: Improper Input Validation

CVSS: 9.8 | EPSS: 0% | CPEs: 63 | EXPL: 0

An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. • http://www.securityfocus.com/bid/94536 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-71 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 | EPSS: 0% | CPEs: 60 | EXPL: 0

An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. • http://www.securityfocus.com/bid/92494 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-50 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor