CVSS: 6.1EPSS: 0%CPEs: 70EXPL: 0CVE-2017-1000013
https://notcve.org/view.php?id=CVE-2017-1000013
13 Jul 2017 — phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness phpMyAdmin en las versiones 4,0, 4,4, y 4,6 es vulnerable a una debilidad de redireccionamiento abierta. • http://www.securityfocus.com/bid/95720 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-1000016
https://notcve.org/view.php?id=CVE-2017-1000016
13 Jul 2017 — A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18. Se detectó una debilidad en la que un atacante puede inyectar valores arbitrarios en las cookies del navegador. Esta es una reedición de una solución incompleta de PMASA-2016-18. • https://www.phpmyadmin.net/security/PMASA-2017-5 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1000018
https://notcve.org/view.php?id=CVE-2017-1000018
13 Jul 2017 — phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name phpMyAdmin en las versiones 4.0, 4.4 y 4.6 es vulnerable a un ataque de tipo DOS en el estado de replicación al usar un nombre de tabla especialmente creado. • http://www.securityfocus.com/bid/95738 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 36EXPL: 0CVE-2016-6621
https://notcve.org/view.php?id=CVE-2016-6621
31 Jan 2017 — The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. La secuencia de comandos de instalación para phpMyAdmin en versiones anteriores a 4.0.10.19, 4.4.x en versiones anteriores a 4.4.15.10 y 4.6.x en versiones anteriores a 4.6.6 permite a atacantes remotos realizar ataques de falsificación de solicitud del lado del servidor (SSRF) a través de vectores no especific... • http://www.securityfocus.com/bid/95914 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9861 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9861
11 Dec 2016 — An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Debido a la limitación en la coincidencia de URL, fue posible eludir la protección de lista blanca URL. • http://www.securityfocus.com/bid/94535 • CWE-254: 7PK - Security Features •
CVSS: 5.9EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6624 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6624
11 Dec 2016 — An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin q... • http://www.securityfocus.com/bid/92489 • CWE-254: 7PK - Security Features •
CVSS: 5.8EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6626 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6626
11 Dec 2016 — An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un atacante podría redirigir a un usuario a una página web maliciosa. • http://www.securityfocus.com/bid/92490 • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9865 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9865
11 Dec 2016 — An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Debido a un error en el análisis de cadenas serializado, fue posible eludir la protección ofrecida por la función PMA_safeUnserialize(). • http://www.securityfocus.com/bid/94531 • CWE-254: 7PK - Security Features CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6629 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6629
11 Dec 2016 — An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin que implica la directiva de configuración $cfg['ArbitraryServerRegexp']. Un atacante podría reutilizar ciertos valores de coo... • http://www.securityfocus.com/bid/92493 • CWE-254: 7PK - Security Features •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2016-6608 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6608
11 Dec 2016 — XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected. Se descubrieron problemas de XSS en phpMyAdmin. • http://www.securityfocus.com/bid/93258 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •