CVSS: 8.1EPSS: 2%CPEs: 60EXPL: 0CVE-2016-6633 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6633
11 Dec 2016 — An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. phpMyAdmin puede ser utilizado para desencadenar un ataque remoto de ejecución de código contra ciertas instalaciones PHP que se ejecutan con la extensión dbase. To... • http://www.securityfocus.com/bid/92500 •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6610 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6610
11 Dec 2016 — A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Una vulnerabilidad de divulgación de ruta completa se descubrió en phpMyAdmin donde un usuario puede desencadenar un error particular en el mecanismo de exportación para descubrir la ruta completa d... • http://www.securityfocus.com/bid/94118 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6624 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6624
11 Dec 2016 — An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin q... • http://www.securityfocus.com/bid/92489 • CWE-254: 7PK - Security Features •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6625 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6625
11 Dec 2016 — An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. • http://www.securityfocus.com/bid/92491 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 1%CPEs: 63EXPL: 0CVE-2016-9860 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9860
11 Dec 2016 — An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Un usuario no autenticado puede ejecutar un ataque de denegación de servicio cuando phpMyAdmin se ejecuta con $cfg['AllowArbitraryServer']=true. • http://www.securityfocus.com/bid/94525 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6623 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6623
11 Dec 2016 — An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario autorizado puede provocar una ataque de denegación de servicio (DoS) en un servidor pasando valores grandes en un bucle. • http://www.securityfocus.com/bid/95052 • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 4%CPEs: 60EXPL: 0CVE-2016-6631 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6631
11 Dec 2016 — An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. • http://www.securityfocus.com/bid/92496 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9859 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9859
11 Dec 2016 — An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Con un valor de parámetro de solicitud manipulado es posible iniciar un ataque de denegación de servicio en la funcionalidad de importación. • http://www.securityfocus.com/bid/94525 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6627 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6627
11 Dec 2016 — An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un atacante puede determinar la localización del host phpMyAdmin a través del archivo url.php. • http://www.securityfocus.com/bid/92494 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-9852 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9852
11 Dec 2016 — An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE... • http://www.securityfocus.com/bid/94527 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •