CVSS: 5.9EPSS: 1%CPEs: 60EXPL: 0CVE-2016-6622 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6622
11 Dec 2016 — An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario no autenticado es capaz de ejecutar un ataque de denegación de servicio (DoS) forzando las conexiones persistentes cua... • http://www.securityfocus.com/bid/95049 • CWE-399: Resource Management Errors •
CVSS: 8.1EPSS: 2%CPEs: 60EXPL: 0CVE-2016-6633 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6633
11 Dec 2016 — An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. phpMyAdmin puede ser utilizado para desencadenar un ataque remoto de ejecución de código contra ciertas instalaciones PHP que se ejecutan con la extensión dbase. To... • http://www.securityfocus.com/bid/92500 •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6610 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6610
11 Dec 2016 — A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Una vulnerabilidad de divulgación de ruta completa se descubrió en phpMyAdmin donde un usuario puede desencadenar un error particular en el mecanismo de exportación para descubrir la ruta completa d... • http://www.securityfocus.com/bid/94118 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6624 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6624
11 Dec 2016 — An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin q... • http://www.securityfocus.com/bid/92489 • CWE-254: 7PK - Security Features •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6625 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6625
11 Dec 2016 — An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. • http://www.securityfocus.com/bid/92491 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 1%CPEs: 63EXPL: 0CVE-2016-9860 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9860
11 Dec 2016 — An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Un usuario no autenticado puede ejecutar un ataque de denegación de servicio cuando phpMyAdmin se ejecuta con $cfg['AllowArbitraryServer']=true. • http://www.securityfocus.com/bid/94525 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6623 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6623
11 Dec 2016 — An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario autorizado puede provocar una ataque de denegación de servicio (DoS) en un servidor pasando valores grandes en un bucle. • http://www.securityfocus.com/bid/95052 • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 4%CPEs: 60EXPL: 0CVE-2016-6631 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6631
11 Dec 2016 — An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. • http://www.securityfocus.com/bid/92496 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9859 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9859
11 Dec 2016 — An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Con un valor de parámetro de solicitud manipulado es posible iniciar un ataque de denegación de servicio en la funcionalidad de importación. • http://www.securityfocus.com/bid/94525 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6627 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6627
11 Dec 2016 — An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un atacante puede determinar la localización del host phpMyAdmin a través del archivo url.php. • http://www.securityfocus.com/bid/92494 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •