CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2016-6616 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6616
11 Dec 2016 — An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. Se descubrió un problema en phpMyAdmin. En las funciones "User group" y "Designer", un usuario puede ejecutar un ataque de inyección SQL contra la cuenta del usuario de control. • http://www.securityfocus.com/bid/95042 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-9853 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9853
11 Dec 2016 — An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE... • http://www.securityfocus.com/bid/94527 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 60EXPL: 0CVE-2016-6620 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6620
11 Dec 2016 — An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. • http://www.securityfocus.com/bid/95055 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6623 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6623
11 Dec 2016 — An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario autorizado puede provocar una ataque de denegación de servicio (DoS) en un servidor pasando valores grandes en un bucle. • http://www.securityfocus.com/bid/95052 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6610 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6610
11 Dec 2016 — A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Una vulnerabilidad de divulgación de ruta completa se descubrió en phpMyAdmin donde un usuario puede desencadenar un error particular en el mecanismo de exportación para descubrir la ruta completa d... • http://www.securityfocus.com/bid/94118 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6612 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6612
11 Dec 2016 — An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario puede explotar la funcionalidad LOAD LOCAL INFILE para exponer los archivos del servidor al sistema de base de datos. • http://www.securityfocus.com/bid/94113 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-9854 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9854
11 Dec 2016 — An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE... • http://www.securityfocus.com/bid/94527 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6614 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6614
11 Dec 2016 — An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin que implicaba la funcionalidad de reemplazo del nombre de usuario %u de l... • http://www.securityfocus.com/bid/94366 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.9EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9860 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9860
11 Dec 2016 — An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Un usuario no autenticado puede ejecutar un ataque de denegación de servicio cuando phpMyAdmin se ejecuta con $cfg['AllowArbitraryServer']=true. • http://www.securityfocus.com/bid/94525 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6630 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6630
11 Dec 2016 — An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario autenticado puede desencadenar un ataque de denegación de servicio (DoS) al introducir una contraseña muy larga en el cuadro de diálogo de cambio de contraseña. • http://www.securityfocus.com/bid/92501 • CWE-20: Improper Input Validation •