Page 7 of 260 results (0.017 seconds)

CVSS: 6.5EPSS: 0%CPEs: 60EXPL: 0

An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario autenticado puede desencadenar un ataque de denegación de servicio (DoS) al introducir una contraseña muy larga en el cuadro de diálogo de cambio de contraseña. • http://www.securityfocus.com/bid/92501 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-53 • CWE-20: Improper Input Validation •

CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0

An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected. Se descubrió un problema en phpMyAdmin. Un nombre de tabla y/o de base de datos especialmente manipulada puede ser utilizado para desencadenar un ataque de inyección SQL a través de la funcionalidad de exportación. • http://www.securityfocus.com/bid/95044 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-40 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.1EPSS: 0%CPEs: 60EXPL: 0

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. • http://www.securityfocus.com/bid/94114 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-29 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •

CVSS: 5.9EPSS: 0%CPEs: 60EXPL: 0

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin que implicaba una aplicación incorrecta de las reglas de autenticación basadas en IP. Cuando phpMyAdmin es utilizado con IPv6 en un entorno de servidor proxy, y el servidor proxy se encuentra en el rango permitido pero el ordenador atacante no está permitido, esta vulnerabilidad puede permitir al ordenador atacante conectar a pesar de las reglas IP. • http://www.securityfocus.com/bid/92489 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-47 • CWE-254: 7PK - Security Features •

CVSS: 10.0EPSS: 0%CPEs: 60EXPL: 0

An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin que implica la directiva de configuración $cfg['ArbitraryServerRegexp']. Un atacante podría reutilizar ciertos valores de cookie en una forma de eludir los servidores definidos por ArbitraryServerRegexp. • http://www.securityfocus.com/bid/92493 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-52 • CWE-254: 7PK - Security Features •