CVSS: 4.4EPSS: 0%CPEs: 28EXPL: 0CVE-2016-4412
https://notcve.org/view.php?id=CVE-2016-4412
An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected. Se descubrió un problema en phpMyAdmin. • http://www.securityfocus.com/bid/94519 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-57 • CWE-254: 7PK - Security Features •
CVSS: 6.1EPSS: 0%CPEs: 33EXPL: 0CVE-2016-6615
https://notcve.org/view.php?id=CVE-2016-6615
XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. Se descubrieron problemas de XSS en phpMyAdmin. Esto afecta al panel de navegación y a la función de ocultación de base de datos/tabla (un nombre de base de datos especialmente manipulado se puede utilizar para desencadenar un ataque XSS); la funcionalidad "Tracking" (una consulta especialmente manipulada se puede utilizar para desencadenar un ataque XSS); y la funcionalidad de visualización GIS. • http://www.securityfocus.com/bid/95041 https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-38 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6628
https://notcve.org/view.php?id=CVE-2016-6628
An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un atacante puede ser capaz de activar a un usuario para descargar un archivo SVG malicioso especialmente manipulado. • http://www.securityfocus.com/bid/92492 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-51 • CWE-254: 7PK - Security Features •
CVSS: 5.9EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9860
https://notcve.org/view.php?id=CVE-2016-9860
An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Un usuario no autenticado puede ejecutar un ataque de denegación de servicio cuando phpMyAdmin se ejecuta con $cfg['AllowArbitraryServer']=true. • http://www.securityfocus.com/bid/94525 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-65 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9856
https://notcve.org/view.php?id=CVE-2016-9856
An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema XSS en phpMyAdmin debido a una corrección incorrecta para la CVE-2016-2559 en PMASA-2016-10. Este problema se resuelve utilizando una copia de un hash para evitar una condición de carrera. • http://www.securityfocus.com/bid/94530 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-64 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •