CVSS: 6.8EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6628 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6628
11 Dec 2016 — An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un atacante puede ser capaz de activar a un usuario para descargar un archivo SVG malicioso especialmente manipulado. • http://www.securityfocus.com/bid/92492 • CWE-254: 7PK - Security Features •
CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9847 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9847
11 Dec 2016 — An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. • http://www.securityfocus.com/bid/94524 • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6613 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6613
11 Dec 2016 — An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario puede manipular especialmente un enlace simbólico en disco, a un archivo que phpMyAdmin se le permite leer pero al usuario no, lo que... • http://www.securityfocus.com/bid/94115 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6618 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6618
11 Dec 2016 — An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. La característica de transformación permite a usuarios desencadenar una ataque de denegación de servicio (DoS) contra el servidor. • http://www.securityfocus.com/bid/95047 •
CVSS: 8.8EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6619 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6619
11 Dec 2016 — An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. En la característica de preferencia de interfaz de usuario, un usuario puede ejecutar un ataque de inyección SQL contra la cuenta del usuario de control. • http://www.securityfocus.com/bid/95048 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6622 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6622
11 Dec 2016 — An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario no autenticado es capaz de ejecutar un ataque de denegación de servicio (DoS) forzando las conexiones persistentes cua... • http://www.securityfocus.com/bid/95049 • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-9851 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9851
11 Dec 2016 — An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. Se descubrió un problema en phpMyAdmin. Con un valor de parámetro de solicitud manipulado es posible eludir el tiempo de espera de cierre de sesión. • http://www.securityfocus.com/bid/94534 • CWE-254: 7PK - Security Features •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6625 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6625
11 Dec 2016 — An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. • http://www.securityfocus.com/bid/92491 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 33EXPL: 0CVE-2016-6615 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6615
11 Dec 2016 — XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. Se descubrieron problemas de XSS en phpMyAdmin. Esto afecta al panel de navegación y a la función de ocultación de base de d... • http://www.securityfocus.com/bid/95041 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6606 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6606
11 Dec 2016 — An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but th... • http://www.securityfocus.com/bid/94114 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •