CVSS: 6.8EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6628 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6628
11 Dec 2016 — An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un atacante puede ser capaz de activar a un usuario para descargar un archivo SVG malicioso especialmente manipulado. • http://www.securityfocus.com/bid/92492 • CWE-254: 7PK - Security Features •
CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9847 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9847
11 Dec 2016 — An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. • http://www.securityfocus.com/bid/94524 • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6613 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6613
11 Dec 2016 — An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario puede manipular especialmente un enlace simbólico en disco, a un archivo que phpMyAdmin se le permite leer pero al usuario no, lo que... • http://www.securityfocus.com/bid/94115 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6618 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6618
11 Dec 2016 — An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. La característica de transformación permite a usuarios desencadenar una ataque de denegación de servicio (DoS) contra el servidor. • http://www.securityfocus.com/bid/95047 •
CVSS: 8.8EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6619 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6619
11 Dec 2016 — An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. En la característica de preferencia de interfaz de usuario, un usuario puede ejecutar un ataque de inyección SQL contra la cuenta del usuario de control. • http://www.securityfocus.com/bid/95048 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6622 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6622
11 Dec 2016 — An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario no autenticado es capaz de ejecutar un ataque de denegación de servicio (DoS) forzando las conexiones persistentes cua... • http://www.securityfocus.com/bid/95049 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6625 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6625
11 Dec 2016 — An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. • http://www.securityfocus.com/bid/92491 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6606 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6606
11 Dec 2016 — An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but th... • http://www.securityfocus.com/bid/94114 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 64EXPL: 0CVE-2016-6607 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6607
11 Dec 2016 — XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted... • http://www.securityfocus.com/bid/93257 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9866 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9866
11 Dec 2016 — An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Cuando el arg_separator es diferente de su valor predeterminado, el token CSRF no sé eliminó correctamente de la URL de retorno de la acción de import... • http://www.securityfocus.com/bid/94536 • CWE-352: Cross-Site Request Forgery (CSRF) •