CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-9852 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9852
11 Dec 2016 — An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE... • http://www.securityfocus.com/bid/94527 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-9854 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9854
11 Dec 2016 — An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE... • http://www.securityfocus.com/bid/94527 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9850 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9850
11 Dec 2016 — An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. La coincidencia de nombres de usuario para las reglas de permitir/denegar puede dar lugar a coincidencias erróneas y la detección del nombre de usuario en la... • http://www.securityfocus.com/bid/94529 • CWE-254: 7PK - Security Features •
CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9856 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9856
11 Dec 2016 — An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema XSS en phpMyAdmin debido a una corrección incorrecta para la CVE-2016-2559 en PMASA-2016-10. Este problema se resuelve utilizando una copia de un hash para evitar una condición de... • http://www.securityfocus.com/bid/94530 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6618 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6618
11 Dec 2016 — An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. La característica de transformación permite a usuarios desencadenar una ataque de denegación de servicio (DoS) contra el servidor. • http://www.securityfocus.com/bid/95047 •
CVSS: 5.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6613 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6613
11 Dec 2016 — An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario puede manipular especialmente un enlace simbólico en disco, a un archivo que phpMyAdmin se le permite leer pero al usuario no, lo que... • http://www.securityfocus.com/bid/94115 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.8EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6626 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6626
11 Dec 2016 — An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un atacante podría redirigir a un usuario a una página web maliciosa. • http://www.securityfocus.com/bid/92490 • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9862 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9862
11 Dec 2016 — An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected. Se descubrió un problema en phpMyAdmin. Con una solicitud de inicio de sesión manipulada es posible inyectar BBCode en la página de inicio de sesión. • http://www.securityfocus.com/bid/94528 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6610 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6610
11 Dec 2016 — A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Una vulnerabilidad de divulgación de ruta completa se descubrió en phpMyAdmin donde un usuario puede desencadenar un error particular en el mecanismo de exportación para descubrir la ruta completa d... • http://www.securityfocus.com/bid/94118 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6624 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6624
11 Dec 2016 — An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin q... • http://www.securityfocus.com/bid/92489 • CWE-254: 7PK - Security Features •