CVSS: 5.8EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6626 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6626
11 Dec 2016 — An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un atacante podría redirigir a un usuario a una página web maliciosa. • http://www.securityfocus.com/bid/92490 • CWE-254: 7PK - Security Features •
CVSS: 10.0EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6629 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6629
11 Dec 2016 — An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin que implica la directiva de configuración $cfg['ArbitraryServerRegexp']. Un atacante podría reutilizar ciertos valores de coo... • http://www.securityfocus.com/bid/92493 • CWE-254: 7PK - Security Features •
CVSS: 6.5EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6630 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6630
11 Dec 2016 — An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario autenticado puede desencadenar un ataque de denegación de servicio (DoS) al introducir una contraseña muy larga en el cuadro de diálogo de cambio de contraseña. • http://www.securityfocus.com/bid/92501 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9847 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9847
11 Dec 2016 — An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. • http://www.securityfocus.com/bid/94524 • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9848 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9848
11 Dec 2016 — An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. phpinfo (phpinfo.php) muestra información PHP incluyendo valores de cookies HttpOnly. Todas las versiones 4.6.x (anteriores a 4.6.5), versiones 4.4.x (anteriores a 4.4.15.9) y versiones 4.0.x (anteriores a 4.0.10.18) están a... • http://www.securityfocus.com/bid/94523 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9849 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9849
11 Dec 2016 — An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Es posible eludir la restricción AllowRoot ($cfg['Servers'][$i]['AllowRoot']) y denegar reglas para nombres de usuario usando Null Byte en el nombre de usuario.... • http://www.securityfocus.com/bid/94521 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9856 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9856
11 Dec 2016 — An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema XSS en phpMyAdmin debido a una corrección incorrecta para la CVE-2016-2559 en PMASA-2016-10. Este problema se resuelve utilizando una copia de un hash para evitar una condición de... • http://www.securityfocus.com/bid/94530 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9857 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9857
11 Dec 2016 — An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. XSS es posible debido a una debilidad en una expresión regular utilizada en algún procesamiento JavaScript. • http://www.securityfocus.com/bid/94530 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9858 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9858
11 Dec 2016 — An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Con un valor de parámetro de solicitud manipulado es posible iniciar un ataque de denegación de servicio en la funcionalidad de búsquedas guardadas. • http://www.securityfocus.com/bid/94525 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9859 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9859
11 Dec 2016 — An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Con un valor de parámetro de solicitud manipulado es posible iniciar un ataque de denegación de servicio en la funcionalidad de importación. • http://www.securityfocus.com/bid/94525 • CWE-20: Improper Input Validation •