CVSS: 5.3EPSS: 0%CPEs: 50EXPL: 0CVE-2016-2038
https://notcve.org/view.php?id=CVE-2016-2038
20 Feb 2016 — phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.13, 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 permite a atacantes remotos obtener información sensible a través de una petición manipulada, lo cual revela la ruta completa en un mensaje de error. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 50EXPL: 0CVE-2016-2040 – Debian Security Advisory 3627-1
https://notcve.org/view.php?id=CVE-2016-2040
20 Feb 2016 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.13, 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 permiten a usuarios remotos autenticado... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 45EXPL: 0CVE-2016-1927 – Debian Security Advisory 3627-1
https://notcve.org/view.php?id=CVE-2016-1927
20 Feb 2016 — The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. La función suggestPassword en js/functions.js en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.13, 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 se basa en la función Math.random JavaScript, lo que hace q... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-254: 7PK - Security Features CWE-255: Credentials Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 50EXPL: 0CVE-2016-2039 – Debian Security Advisory 3627-1
https://notcve.org/view.php?id=CVE-2016-2039
20 Feb 2016 — libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. libraries/session.inc.php en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.13, 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 no genera adecuadamente valores de token CSRF, lo que permite a atacantes remotos eludir las restric... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 50EXPL: 0CVE-2016-2041 – Debian Security Advisory 3627-1
https://notcve.org/view.php?id=CVE-2016-2041
20 Feb 2016 — libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. libraries/common.inc.php en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.13, 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 no utiliza un algoritmo de tiempo constante para comparar tok... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-254: 7PK - Security Features •
CVSS: 5.3EPSS: 0%CPEs: 50EXPL: 0CVE-2015-8669
https://notcve.org/view.php?id=CVE-2015-8669
26 Dec 2015 — libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. libraries/config/messages.inc.php en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.12, 4.4.x en versiones anteriores a 4.4.15.2 y 4.5.x en versiones anteriores a 4.5.3.1 permite a atacantes remotos obtener información sensible a través de una petición manipula... • http://lists.opensuse.org/opensuse-updates/2016-01/msg00014.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 56EXPL: 0CVE-2015-3902 – Debian Security Advisory 3382-1
https://notcve.org/view.php?id=CVE-2015-3902
26 May 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file. Múltiples vulnerabilidades de CSRF en el proceso de montaje en phpMyAdmin 4.0.x anterior a 4.0.10.10, 4.2.x anterior a 4.2.13.3, 4.3.x anterior a 4.3.13.1, y 4.4.x anterior a 4.4.6.1 permiten a atacantes ... • http://lists.opensuse.org/opensuse-updates/2015-07/msg00008.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 56EXPL: 2CVE-2015-3903 – phpMyAdmin 4.4.6 Man-In-The-Middle
https://notcve.org/view.php?id=CVE-2015-3903
14 May 2015 — libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. libraries/Config.class.php en phpMyAdmin 4.0.x anterior a 4.0.10.10, 4.2.x anterior a 4.2.13.3, 4.3.x anterior a 4.3.13.1, y 4.4.x anterior a 4.4.6.1 deshabilita la verificación de los ce... • http://cxsecurity.com/issue/WLB-2015050095 • CWE-310: Cryptographic Issues •
CVSS: 8.8EPSS: 0%CPEs: 57EXPL: 0CVE-2015-2206 – Debian Security Advisory 3382-1
https://notcve.org/view.php?id=CVE-2015-2206
09 Mar 2015 — libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. libraries/select_lang.lib.php en phpMyAdmin 4.0.x anterior a 4.0.10.9, 4.2.x anterior a 4.2.13.2, y 4.3.x anterior a 4.3.11.1 incluye... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151331.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 20%CPEs: 53EXPL: 4CVE-2014-9218 – phpMyAdmin 4.0.x/4.1.x/4.2.x - Denial of Service
https://notcve.org/view.php?id=CVE-2014-9218
08 Dec 2014 — libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password. libraries/common.inc.php en phpMyAdmin 4.0.x anterior a 4.0.10.7, 4.1.x anterior a 4.1.14.8, y 4.2.x anterior a 4.2.13.1 permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de una contraseña larga. Multiple vulnerabilities has been discovered and corrected in lib... • https://www.exploit-db.com/exploits/35539 • CWE-399: Resource Management Errors •