CVSS: 4.4EPSS: 0%CPEs: 28EXPL: 0CVE-2016-4412 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-4412
11 Dec 2016 — An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected. Se descubrió un problema en phpMyAdmin. • http://www.securityfocus.com/bid/94519 • CWE-254: 7PK - Security Features •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6617 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6617
11 Dec 2016 — An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected. Se descubrió un problema en phpMyAdmin. Un nombre de tabla y/o de base de datos especialmente manipulada puede ser utilizado para desencadenar un ataque de inyección SQL a través de la funcionalidad de exportación. • http://www.securityfocus.com/bid/95044 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6627 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6627
11 Dec 2016 — An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un atacante puede determinar la localización del host phpMyAdmin a través del archivo url.php. • http://www.securityfocus.com/bid/92494 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9857 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9857
11 Dec 2016 — An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. XSS es posible debido a una debilidad en una expresión regular utilizada en algún procesamiento JavaScript. • http://www.securityfocus.com/bid/94530 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9859 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9859
11 Dec 2016 — An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Con un valor de parámetro de solicitud manipulado es posible iniciar un ataque de denegación de servicio en la funcionalidad de importación. • http://www.securityfocus.com/bid/94525 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6632 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-6632
11 Dec 2016 — An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin donde, bajo ciertas condiciones, phpMyAdmin no puede eliminar archivos temporales durante la importación de archivos ESRI. Todas las versiones 4.6.x (anteriores a 4.6.4), versiones 4.4.x (anteriores a... • http://www.securityfocus.com/bid/92497 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9863 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9863
11 Dec 2016 — An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected. Se descubrió un problema en phpMyAdmin. Con una petición muy grande para la función de particionamiento de tabla, es posible invocar un ataque de denegación de servicio (DoS). • http://www.securityfocus.com/bid/94526 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5098 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5098
05 Jul 2016 — Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. Vulnerabilidad de salto de directorio en libraries/error_report.lib.php en phpMyAdmin en versiones anteriores a 4.6.2-prerelease permite a atacantes remotos determinar la existencia de archivos arbitrarios desencadenando un error. Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could ... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 30EXPL: 0CVE-2016-5099 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5099
05 Jul 2016 — Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding. Vulnerabilidad de XSS en phpMyAdmin 4.4.x en versiones anteriores a 4.4.15.6 y 4.6.x en versiones anteriores a 4.6.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de caracteres especiales que no son manejados adecuadamente durante l... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5097 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5097
05 Jul 2016 — phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs. phpMyAdmin en versiones anteriores a 4.6.2 emplaza tokens en cadenas de consulta y no gestiona su eliminación antes de la navegación externa, lo que permite a atacantes remotos obtener información sensible leyendo (1) peticiones HTTP o (2) los registros del servidor. Multi... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •