CVSS: 6.1EPSS: 0%CPEs: 64EXPL: 0CVE-2016-6607
https://notcve.org/view.php?id=CVE-2016-6607
XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted log_bin directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrieron problemas de XSS en phpMyAdmin. Esto afecta a la búsqueda de Zoom (contenido de columna especialmente manipulado puede ser utilizado para desencadenar un ataque XSS); GIS editor (ciertos campos en el gráfico GIS editor no se evaden adecuadamente y puede ser utilizado para desencadenar un ataque XSS); Relation view; las siguientes transformaciones: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline y transformation wrapper; XML export; MediaWiki export; Designer; Cuando el servidor MySQL se ejecuta con una directiva log_bin especialmente manipulada; pestaña de base de datos; función de replicación; y búsqueda de base de datos. • http://www.securityfocus.com/bid/93257 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-30 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6627
https://notcve.org/view.php?id=CVE-2016-6627
An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un atacante puede determinar la localización del host phpMyAdmin a través del archivo url.php. • http://www.securityfocus.com/bid/92494 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-50 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6609
https://notcve.org/view.php?id=CVE-2016-6609
An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un nombre de base de datos especialmente manipulado podría ser utilizado para ejecutar comandos PHP arbitrarios a través de la función de exportación del array. • http://www.securityfocus.com/bid/94112 https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-32 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6623
https://notcve.org/view.php?id=CVE-2016-6623
An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un usuario autorizado puede provocar una ataque de denegación de servicio (DoS) en un servidor pasando valores grandes en un bucle. • http://www.securityfocus.com/bid/95052 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-46 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9866
https://notcve.org/view.php?id=CVE-2016-9866
An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Cuando el arg_separator es diferente de su valor predeterminado, el token CSRF no sé eliminó correctamente de la URL de retorno de la acción de importación de preferencias. • http://www.securityfocus.com/bid/94536 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-71 • CWE-352: Cross-Site Request Forgery (CSRF) •