CVE-2016-6627
https://notcve.org/view.php?id=CVE-2016-6627
An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
• http://www.securityfocus.com/bid/92494
• https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html
• https://security.gentoo.org/glsa/201701-32
• https://www.phpmyadmin.net/security/PMASA-2016-50
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-6609
https://notcve.org/view.php?id=CVE-2016-6609
An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
• http://www.securityfocus.com/bid/94112
• https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html
• https://security.gentoo.org/glsa/201701-32
• https://www.phpmyadmin.net/security/PMASA-2016-32
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2016-6623
https://notcve.org/view.php?id=CVE-2016-6623
An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
• http://www.securityfocus.com/bid/95052
• https://security.gentoo.org/glsa/201701-32
• https://www.phpmyadmin.net/security/PMASA-2016-46
• CWE-20: Improper Input Validation
CVE-2016-9866
https://notcve.org/view.php?id=CVE-2016-9866
An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
• http://www.securityfocus.com/bid/94536
• https://security.gentoo.org/glsa/201701-32
• https://www.phpmyadmin.net/security/PMASA-2016-71
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2016-6625
https://notcve.org/view.php?id=CVE-2016-6625
An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
• http://www.securityfocus.com/bid/92491
• https://security.gentoo.org/glsa/201701-32
• https://www.phpmyadmin.net/security/PMASA-2016-48
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor