CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9847 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9847
11 Dec 2016 — An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. • http://www.securityfocus.com/bid/94524 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9865 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9865
11 Dec 2016 — An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Debido a un error en el análisis de cadenas serializado, fue posible eludir la protección ofrecida por la función PMA_safeUnserialize(). • http://www.securityfocus.com/bid/94531 • CWE-254: 7PK - Security Features CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6609 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6609
11 Dec 2016 — An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un nombre de base de datos especialmente manipulado podría ser utilizado para ejecutar comandos PHP arbitrarios a través de la función de exportación del array. • http://www.securityfocus.com/bid/94112 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.9EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6632 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6632
11 Dec 2016 — An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin donde, bajo ciertas condiciones, phpMyAdmin no puede eliminar archivos temporales durante la importación de archivos ESRI. Todas las versiones 4.6.x (anteriores a 4.6.4), versiones 4.4.x (anteriores a... • http://www.securityfocus.com/bid/92497 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9864 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9864
11 Dec 2016 — An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) ar... • http://www.securityfocus.com/bid/94533 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9849 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9849
11 Dec 2016 — An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Es posible eludir la restricción AllowRoot ($cfg['Servers'][$i]['AllowRoot']) y denegar reglas para nombres de usuario usando Null Byte en el nombre de usuario.... • http://www.securityfocus.com/bid/94521 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 60EXPL: 0CVE-2016-6620 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6620
11 Dec 2016 — An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. • http://www.securityfocus.com/bid/95055 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6629 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6629
11 Dec 2016 — An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin que implica la directiva de configuración $cfg['ArbitraryServerRegexp']. Un atacante podría reutilizar ciertos valores de coo... • http://www.securityfocus.com/bid/92493 • CWE-254: 7PK - Security Features •
CVSS: 8.1EPSS: 0%CPEs: 64EXPL: 0CVE-2016-6611 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6611
11 Dec 2016 — An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un nombre de tabla y/o de base de datos especialmente manipulada puede ser utilizado para desencadenar un ataque de inyección SQL a través de la funcionalidad de exportación. • http://www.securityfocus.com/bid/94117 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 1%CPEs: 60EXPL: 0CVE-2016-6622 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6622
11 Dec 2016 — An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario no autenticado es capaz de ejecutar un ataque de denegación de servicio (DoS) forzando las conexiones persistentes cua... • http://www.securityfocus.com/bid/95049 • CWE-399: Resource Management Errors •