
CVE-2015-8669
https://notcve.org/view.php?id=CVE-2015-8669
26 Dec 2015 — libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. • http://lists.opensuse.org/opensuse-updates/2016-01/msg00014.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-7873 – Debian Security Advisory 3382-1
https://notcve.org/view.php?id=CVE-2015-7873
28 Oct 2015 — The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. Several issues have been fixed in phpMyAdmin, the web administration tool for MySQL. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171311.html • CWE-254: 7PK - Security Features

CVE-2015-6830 – Debian Security Advisory 3382-1
https://notcve.org/view.php?id=CVE-2015-6830
14 Sep 2015 — libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha. • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166294.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-3902 – Debian Security Advisory 3382-1
https://notcve.org/view.php?id=CVE-2015-3902
26 May 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file. • http://lists.opensuse.org/opensuse-updates/2015-07/msg00008.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2015-3903 – phpMyAdmin 4.4.6 Man-In-The-Middle
https://notcve.org/view.php?id=CVE-2015-3903
14 May 2015 — libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://cxsecurity.com/issue/WLB-2015050095 • CWE-310: Cryptographic Issues

CVE-2015-2206 – Debian Security Advisory 3382-1
https://notcve.org/view.php?id=CVE-2015-2206
09 Mar 2015 — libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151331.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-9218 – phpMyAdmin 4.0.x/4.1.x/4.2.x - Denial of Service
https://notcve.org/view.php?id=CVE-2014-9218
08 Dec 2014 — libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password. Multiple vulnerabilities have been discovered and corrected in lib... • https://www.exploit-db.com/exploits/35539 • CWE-399: Resource Management Errors

CVE-2014-9219 – Mandriva Linux Security Advisory 2014-243
https://notcve.org/view.php?id=CVE-2014-9219
08 Dec 2014 — Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. Multiple vulnerabilities have been discovered and corrected in libraries/common.inc.php in p... • http://www.mandriva.com/security/advisories?name=MDVSA-2014:243 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-8960 – Mandriva Linux Security Advisory 2014-228
https://notcve.org/view.php?id=CVE-2014-8960
26 Nov 2014 — Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. • http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-8959 – Mandriva Linux Security Advisory 2014-228
https://notcve.org/view.php?id=CVE-2014-8959
26 Nov 2014 — Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter. • http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')