
CVE-2017-1000015
https://notcve.org/view.php?id=CVE-2017-1000015
13 Jul 2017 — phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters phpMyAdmin en las versiones 4.0, 4.4 y 4.6 es vulnerable a un ataque de inyección de tipo CSS por medio de parámetros cookies creados. • http://www.securityfocus.com/bid/95726 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2017-1000014
https://notcve.org/view.php?id=CVE-2017-1000014
13 Jul 2017 — phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality phpMyAdmin en las versiones 4,0, 4,4, y 4,6 es vulnerable a una debilidad de denegación de servicio (DOS) en la funcionalidad de table editing. • http://www.securityfocus.com/bid/95721 • CWE-20: Improper Input Validation •

CVE-2017-1000017
https://notcve.org/view.php?id=CVE-2017-1000017
13 Jul 2017 — phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server phpMyAdmin versiones 4.0, 4.4 y 4.6 son vulnerables a una debilidad donde un usuario con los permisos adecuados puede conectarse a un servidor MySQL arbitrario. • http://www.securityfocus.com/bid/95732 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2017-1000018
https://notcve.org/view.php?id=CVE-2017-1000018
13 Jul 2017 — phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name phpMyAdmin en las versiones 4.0, 4.4 y 4.6 es vulnerable a un ataque de tipo DOS en el estado de replicación al usar un nombre de tabla especialmente creado. • http://www.securityfocus.com/bid/95738 • CWE-20: Improper Input Validation •

CVE-2016-6621
https://notcve.org/view.php?id=CVE-2016-6621
31 Jan 2017 — The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. La secuencia de comandos de instalación para phpMyAdmin en versiones anteriores a 4.0.10.19, 4.4.x en versiones anteriores a 4.4.15.10 y 4.6.x en versiones anteriores a 4.6.6 permite a atacantes remotos realizar ataques de falsificación de solicitud del lado del servidor (SSRF) a través de vectores no especific... • http://www.securityfocus.com/bid/95914 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2016-6606 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6606
11 Dec 2016 — An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but th... • http://www.securityfocus.com/bid/94114 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •

CVE-2016-9866 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9866
11 Dec 2016 — An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Cuando el arg_separator es diferente de su valor predeterminado, el token CSRF no sé eliminó correctamente de la URL de retorno de la acción de import... • http://www.securityfocus.com/bid/94536 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2016-6611 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6611
11 Dec 2016 — An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un nombre de tabla y/o de base de datos especialmente manipulada puede ser utilizado para desencadenar un ataque de inyección SQL a través de la funcionalidad de exportación. • http://www.securityfocus.com/bid/94117 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2016-6622 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6622
11 Dec 2016 — An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario no autenticado es capaz de ejecutar un ataque de denegación de servicio (DoS) forzando las conexiones persistentes cua... • http://www.securityfocus.com/bid/95049 • CWE-399: Resource Management Errors •

CVE-2016-6633 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6633
11 Dec 2016 — An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. phpMyAdmin puede ser utilizado para desencadenar un ataque remoto de ejecución de código contra ciertas instalaciones PHP que se ejecutan con la extensión dbase. To... • http://www.securityfocus.com/bid/92500 •