CVSS: 7.5EPSS: 1%CPEs: 70EXPL: 0CVE-2017-1000014
https://notcve.org/view.php?id=CVE-2017-1000014
13 Jul 2017 — phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality phpMyAdmin en las versiones 4,0, 4,4, y 4,6 es vulnerable a una debilidad de denegación de servicio (DOS) en la funcionalidad de table editing. • http://www.securityfocus.com/bid/95721 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 70EXPL: 0CVE-2017-1000015
https://notcve.org/view.php?id=CVE-2017-1000015
13 Jul 2017 — phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters phpMyAdmin en las versiones 4.0, 4.4 y 4.6 es vulnerable a un ataque de inyección de tipo CSS por medio de parámetros cookies creados. • http://www.securityfocus.com/bid/95726 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2017-1000017
https://notcve.org/view.php?id=CVE-2017-1000017
13 Jul 2017 — phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server phpMyAdmin versiones 4.0, 4.4 y 4.6 son vulnerables a una debilidad donde un usuario con los permisos adecuados puede conectarse a un servidor MySQL arbitrario. • http://www.securityfocus.com/bid/95732 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2017-1000018
https://notcve.org/view.php?id=CVE-2017-1000018
13 Jul 2017 — phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name phpMyAdmin en las versiones 4.0, 4.4 y 4.6 es vulnerable a un ataque de tipo DOS en el estado de replicación al usar un nombre de tabla especialmente creado. • http://www.securityfocus.com/bid/95738 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 36EXPL: 0CVE-2016-6621
https://notcve.org/view.php?id=CVE-2016-6621
31 Jan 2017 — The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. La secuencia de comandos de instalación para phpMyAdmin en versiones anteriores a 4.0.10.19, 4.4.x en versiones anteriores a 4.4.15.10 y 4.6.x en versiones anteriores a 4.6.6 permite a atacantes remotos realizar ataques de falsificación de solicitud del lado del servidor (SSRF) a través de vectores no especific... • http://www.securityfocus.com/bid/95914 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.1EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6606 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6606
11 Dec 2016 — An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but th... • http://www.securityfocus.com/bid/94114 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 64EXPL: 0CVE-2016-6607 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6607
11 Dec 2016 — XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted... • http://www.securityfocus.com/bid/93257 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6609 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6609
11 Dec 2016 — An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un nombre de base de datos especialmente manipulado podría ser utilizado para ejecutar comandos PHP arbitrarios a través de la función de exportación del array. • http://www.securityfocus.com/bid/94112 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6610 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6610
11 Dec 2016 — A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Una vulnerabilidad de divulgación de ruta completa se descubrió en phpMyAdmin donde un usuario puede desencadenar un error particular en el mecanismo de exportación para descubrir la ruta completa d... • http://www.securityfocus.com/bid/94118 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 64EXPL: 0CVE-2016-6611 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6611
11 Dec 2016 — An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un nombre de tabla y/o de base de datos especialmente manipulada puede ser utilizado para desencadenar un ataque de inyección SQL a través de la funcionalidad de exportación. • http://www.securityfocus.com/bid/94117 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •