CVE-2016-6620 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6620
11 Dec 2016 — An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. • http://www.securityfocus.com/bid/95055 • CWE-502: Deserialization of Untrusted Data
CVE-2016-6623 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6623
11 Dec 2016 — An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. • http://www.securityfocus.com/bid/95052 • CWE-20: Improper Input Validation
CVE-2016-6610 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6610
11 Dec 2016 — A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. • http://www.securityfocus.com/bid/94118 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-6612 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6612
11 Dec 2016 — An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. • http://www.securityfocus.com/bid/94113 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-6614 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6614
11 Dec 2016 — An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. • http://www.securityfocus.com/bid/94366 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-9860 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9860
11 Dec 2016 — An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. • http://www.securityfocus.com/bid/94525 • CWE-20: Improper Input Validation
CVE-2016-6630 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6630
11 Dec 2016 — An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. • http://www.securityfocus.com/bid/92501 • CWE-20: Improper Input Validation
CVE-2016-4412 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-4412
11 Dec 2016 — An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected. • http://www.securityfocus.com/bid/94519 • CWE-254: 7PK - Security Features
CVE-2016-6627 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6627
11 Dec 2016 — An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. • http://www.securityfocus.com/bid/92494 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-9857 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9857
11 Dec 2016 — An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. • http://www.securityfocus.com/bid/94530 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')