CVSS: 7.5EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9861
https://notcve.org/view.php?id=CVE-2016-9861
An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Debido a la limitación en la coincidencia de URL, fue posible eludir la protección de lista blanca URL. • http://www.securityfocus.com/bid/94535 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-66 • CWE-254: 7PK - Security Features •
CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9847
https://notcve.org/view.php?id=CVE-2016-9847
An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. • http://www.securityfocus.com/bid/94524 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-58 • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-9855
https://notcve.org/view.php?id=CVE-2016-9855
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue. • http://www.securityfocus.com/bid/94527 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-63 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9860
https://notcve.org/view.php?id=CVE-2016-9860
An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Un usuario no autenticado puede ejecutar un ataque de denegación de servicio cuando phpMyAdmin se ejecuta con $cfg['AllowArbitraryServer']=true. • http://www.securityfocus.com/bid/94525 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-65 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9856
https://notcve.org/view.php?id=CVE-2016-9856
An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema XSS en phpMyAdmin debido a una corrección incorrecta para la CVE-2016-2559 en PMASA-2016-10. Este problema se resuelve utilizando una copia de un hash para evitar una condición de carrera. • http://www.securityfocus.com/bid/94530 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-64 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •