Page 7 of 99 results (0.012 seconds)

CVSS: 5.9EPSS: 0%CPEs: 60EXPL: 0

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin que implicaba una aplicación incorrecta de las reglas de autenticación basadas en IP. Cuando phpMyAdmin es utilizado con IPv6 en un entorno de servidor proxy, y el servidor proxy se encuentra en el rango permitido pero el ordenador atacante no está permitido, esta vulnerabilidad puede permitir al ordenador atacante conectar a pesar de las reglas IP. • http://www.securityfocus.com/bid/92489 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-47 • CWE-254: 7PK - Security Features •

CVSS: 10.0EPSS: 0%CPEs: 60EXPL: 0

An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin que implica la directiva de configuración $cfg['ArbitraryServerRegexp']. Un atacante podría reutilizar ciertos valores de cookie en una forma de eludir los servidores definidos por ArbitraryServerRegexp. • http://www.securityfocus.com/bid/92493 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-52 • CWE-254: 7PK - Security Features •

CVSS: 8.1EPSS: 5%CPEs: 60EXPL: 0

An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. phpMyAdmin puede ser utilizado para desencadenar un ataque remoto de ejecución de código contra ciertas instalaciones PHP que se ejecutan con la extensión dbase. Todas las versiones 4.6.x (anteriores a 4.6.4), versiones 4.4.x (anteriores a 4.4.15.8) y versiones 4.0.x (anteriores a 4.0.10.17) están afectadas. • http://www.securityfocus.com/bid/92500 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-56 •

CVSS: 8.5EPSS: 1%CPEs: 60EXPL: 0

An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. • http://www.securityfocus.com/bid/92496 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-54 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 60EXPL: 0

An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. En la característica de preferencia de interfaz de usuario, un usuario puede ejecutar un ataque de inyección SQL contra la cuenta del usuario de control. • http://www.securityfocus.com/bid/95048 https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-42 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •