CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9858 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9858
11 Dec 2016 — An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Con un valor de parámetro de solicitud manipulado es posible iniciar un ataque de denegación de servicio en la funcionalidad de búsquedas guardadas. • http://www.securityfocus.com/bid/94525 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 28EXPL: 0CVE-2016-4412 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-4412
11 Dec 2016 — An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected. Se descubrió un problema en phpMyAdmin. • http://www.securityfocus.com/bid/94519 • CWE-254: 7PK - Security Features •
CVSS: 8.1EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6606 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6606
11 Dec 2016 — An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but th... • http://www.securityfocus.com/bid/94114 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9866 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9866
11 Dec 2016 — An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Cuando el arg_separator es diferente de su valor predeterminado, el token CSRF no sé eliminó correctamente de la URL de retorno de la acción de import... • http://www.securityfocus.com/bid/94536 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 33EXPL: 0CVE-2016-6615 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6615
11 Dec 2016 — XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. Se descubrieron problemas de XSS en phpMyAdmin. Esto afecta al panel de navegación y a la función de ocultación de base de d... • http://www.securityfocus.com/bid/95041 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-9855 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9855
11 Dec 2016 — An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE... • http://www.securityfocus.com/bid/94527 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2016-6616 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6616
11 Dec 2016 — An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. Se descubrió un problema en phpMyAdmin. En las funciones "User group" y "Designer", un usuario puede ejecutar un ataque de inyección SQL contra la cuenta del usuario de control. • http://www.securityfocus.com/bid/95042 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 1%CPEs: 33EXPL: 0CVE-2016-9853 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9853
11 Dec 2016 — An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE... • http://www.securityfocus.com/bid/94527 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9848 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9848
11 Dec 2016 — An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. phpinfo (phpinfo.php) muestra información PHP incluyendo valores de cookies HttpOnly. Todas las versiones 4.6.x (anteriores a 4.6.5), versiones 4.4.x (anteriores a 4.4.15.9) y versiones 4.0.x (anteriores a 4.0.10.18) están a... • http://www.securityfocus.com/bid/94523 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-9851 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9851
11 Dec 2016 — An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. Se descubrió un problema en phpMyAdmin. Con un valor de parámetro de solicitud manipulado es posible eludir el tiempo de espera de cierre de sesión. • http://www.securityfocus.com/bid/94534 • CWE-254: 7PK - Security Features •