Page 12 of 268 results (0.010 seconds)

CVSS: 9.8EPSS: 0%CPEs: 63EXPL: 0

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Es posible eludir la restricción AllowRoot ($cfg['Servers'][$i]['AllowRoot']) y denegar reglas para nombres de usuario usando Null Byte en el nombre de usuario. • http://www.securityfocus.com/bid/94521 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-60 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0

An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. La coincidencia de nombres de usuario para las reglas de permitir/denegar puede dar lugar a coincidencias erróneas y la detección del nombre de usuario en la regla debido al tiempo de ejecución no constante. • http://www.securityfocus.com/bid/94529 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-61 • CWE-254: 7PK - Security Features •

CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Con un valor de parámetro de solicitud manipulado es posible iniciar un ataque de denegación de servicio en la funcionalidad de importación. • http://www.securityfocus.com/bid/94525 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-65 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected. Se descubrió un problema en phpMyAdmin. Con una petición muy grande para la función de particionamiento de tabla, es posible invocar un ataque de denegación de servicio (DoS). • http://www.securityfocus.com/bid/94526 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-68 • CWE-20: Improper Input Validation •

CVSS: 5.9EPSS: 0%CPEs: 60EXPL: 0

An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario no autenticado es capaz de ejecutar un ataque de denegación de servicio (DoS) forzando las conexiones persistentes cuando phpMyAdmin se está ejecutando con cfg['AllowArbitraryServer']=true. • http://www.securityfocus.com/bid/95049 https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-45 • CWE-399: Resource Management Errors •