Page 7 of 84 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0

CVE-2016-6625

https://notcve.org/view.php?id=CVE-2016-6625

An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. • http://www.securityfocus.com/bid/92491 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-48 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0

CVE-2016-9848

https://notcve.org/view.php?id=CVE-2016-9848

An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. phpinfo (phpinfo.php) muestra información PHP incluyendo valores de cookies HttpOnly. Todas las versiones 4.6.x (anteriores a 4.6.5), versiones 4.4.x (anteriores a 4.4.15.9) y versiones 4.0.x (anteriores a 4.0.10.18) están afectadas. • http://www.securityfocus.com/bid/94523 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-59 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 63EXPL: 0

CVE-2016-9849

https://notcve.org/view.php?id=CVE-2016-9849

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Es posible eludir la restricción AllowRoot ($cfg['Servers'][$i]['AllowRoot']) y denegar reglas para nombres de usuario usando Null Byte en el nombre de usuario. • http://www.securityfocus.com/bid/94521 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-60 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 60EXPL: 0

CVE-2016-6626

https://notcve.org/view.php?id=CVE-2016-6626

An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un atacante podría redirigir a un usuario a una página web maliciosa. • http://www.securityfocus.com/bid/92490 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-49 • CWE-254: 7PK - Security Features •

CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0

CVE-2016-9859

https://notcve.org/view.php?id=CVE-2016-9859

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Con un valor de parámetro de solicitud manipulado es posible iniciar un ataque de denegación de servicio en la funcionalidad de importación. • http://www.securityfocus.com/bid/94525 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-65 • CWE-20: Improper Input Validation •