CVSS: 8.6EPSS: 0%CPEs: 36EXPL: 0CVE-2016-6621
https://notcve.org/view.php?id=CVE-2016-6621
31 Jan 2017 — The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. La secuencia de comandos de instalación para phpMyAdmin en versiones anteriores a 4.0.10.19, 4.4.x en versiones anteriores a 4.4.15.10 y 4.6.x en versiones anteriores a 4.6.6 permite a atacantes remotos realizar ataques de falsificación de solicitud del lado del servidor (SSRF) a través de vectores no especific... • http://www.securityfocus.com/bid/95914 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9861 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9861
11 Dec 2016 — An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Debido a la limitación en la coincidencia de URL, fue posible eludir la protección de lista blanca URL. • http://www.securityfocus.com/bid/94535 • CWE-254: 7PK - Security Features •
CVSS: 5.9EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6624 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6624
11 Dec 2016 — An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin q... • http://www.securityfocus.com/bid/92489 • CWE-254: 7PK - Security Features •
CVSS: 5.8EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6626 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6626
11 Dec 2016 — An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un atacante podría redirigir a un usuario a una página web maliciosa. • http://www.securityfocus.com/bid/92490 • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9865 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9865
11 Dec 2016 — An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Debido a un error en el análisis de cadenas serializado, fue posible eludir la protección ofrecida por la función PMA_safeUnserialize(). • http://www.securityfocus.com/bid/94531 • CWE-254: 7PK - Security Features CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6629 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6629
11 Dec 2016 — An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin que implica la directiva de configuración $cfg['ArbitraryServerRegexp']. Un atacante podría reutilizar ciertos valores de coo... • http://www.securityfocus.com/bid/92493 • CWE-254: 7PK - Security Features •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2016-6608 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6608
11 Dec 2016 — XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected. Se descubrieron problemas de XSS en phpMyAdmin. • http://www.securityfocus.com/bid/93258 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 3%CPEs: 60EXPL: 0CVE-2016-6633 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6633
11 Dec 2016 — An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. phpMyAdmin puede ser utilizado para desencadenar un ataque remoto de ejecución de código contra ciertas instalaciones PHP que se ejecutan con la extensión dbase. To... • http://www.securityfocus.com/bid/92500 •
CVSS: 8.8EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6609 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6609
11 Dec 2016 — An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un nombre de base de datos especialmente manipulado podría ser utilizado para ejecutar comandos PHP arbitrarios a través de la función de exportación del array. • http://www.securityfocus.com/bid/94112 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9850 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9850
11 Dec 2016 — An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. La coincidencia de nombres de usuario para las reglas de permitir/denegar puede dar lugar a coincidencias erróneas y la detección del nombre de usuario en la... • http://www.securityfocus.com/bid/94529 • CWE-254: 7PK - Security Features •