CVSS: 6.1EPSS: 0%CPEs: 70EXPL: 0CVE-2017-1000013
https://notcve.org/view.php?id=CVE-2017-1000013
13 Jul 2017 — phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness phpMyAdmin en las versiones 4,0, 4,4, y 4,6 es vulnerable a una debilidad de redireccionamiento abierta. • http://www.securityfocus.com/bid/95720 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 1%CPEs: 70EXPL: 0CVE-2017-1000014
https://notcve.org/view.php?id=CVE-2017-1000014
13 Jul 2017 — phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality phpMyAdmin en las versiones 4,0, 4,4, y 4,6 es vulnerable a una debilidad de denegación de servicio (DOS) en la funcionalidad de table editing. • http://www.securityfocus.com/bid/95721 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 70EXPL: 0CVE-2017-1000015
https://notcve.org/view.php?id=CVE-2017-1000015
13 Jul 2017 — phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters phpMyAdmin en las versiones 4.0, 4.4 y 4.6 es vulnerable a un ataque de inyección de tipo CSS por medio de parámetros cookies creados. • http://www.securityfocus.com/bid/95726 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-1000016
https://notcve.org/view.php?id=CVE-2017-1000016
13 Jul 2017 — A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18. Se detectó una debilidad en la que un atacante puede inyectar valores arbitrarios en las cookies del navegador. Esta es una reedición de una solución incompleta de PMASA-2016-18. • https://www.phpmyadmin.net/security/PMASA-2017-5 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2017-1000017
https://notcve.org/view.php?id=CVE-2017-1000017
13 Jul 2017 — phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server phpMyAdmin versiones 4.0, 4.4 y 4.6 son vulnerables a una debilidad donde un usuario con los permisos adecuados puede conectarse a un servidor MySQL arbitrario. • http://www.securityfocus.com/bid/95732 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2017-1000018
https://notcve.org/view.php?id=CVE-2017-1000018
13 Jul 2017 — phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name phpMyAdmin en las versiones 4.0, 4.4 y 4.6 es vulnerable a un ataque de tipo DOS en el estado de replicación al usar un nombre de tabla especialmente creado. • http://www.securityfocus.com/bid/95738 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 36EXPL: 0CVE-2016-6621
https://notcve.org/view.php?id=CVE-2016-6621
31 Jan 2017 — The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. La secuencia de comandos de instalación para phpMyAdmin en versiones anteriores a 4.0.10.19, 4.4.x en versiones anteriores a 4.4.15.10 y 4.6.x en versiones anteriores a 4.6.6 permite a atacantes remotos realizar ataques de falsificación de solicitud del lado del servidor (SSRF) a través de vectores no especific... • http://www.securityfocus.com/bid/95914 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.1EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6606 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6606
11 Dec 2016 — An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but th... • http://www.securityfocus.com/bid/94114 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 64EXPL: 0CVE-2016-6607 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6607
11 Dec 2016 — XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted... • http://www.securityfocus.com/bid/93257 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2016-6608 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6608
11 Dec 2016 — XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected. Se descubrieron problemas de XSS en phpMyAdmin. • http://www.securityfocus.com/bid/93258 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •