CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9862 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9862
11 Dec 2016 — An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected. Se descubrió un problema en phpMyAdmin. Con una solicitud de inicio de sesión manipulada es posible inyectar BBCode en la página de inicio de sesión. • http://www.securityfocus.com/bid/94528 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9863 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9863
11 Dec 2016 — An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected. Se descubrió un problema en phpMyAdmin. Con una petición muy grande para la función de particionamiento de tabla, es posible invocar un ataque de denegación de servicio (DoS). • http://www.securityfocus.com/bid/94526 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9864 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9864
11 Dec 2016 — An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) ar... • http://www.securityfocus.com/bid/94533 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9865 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9865
11 Dec 2016 — An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Debido a un error en el análisis de cadenas serializado, fue posible eludir la protección ofrecida por la función PMA_safeUnserialize(). • http://www.securityfocus.com/bid/94531 • CWE-254: 7PK - Security Features CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9866 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9866
11 Dec 2016 — An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Cuando el arg_separator es diferente de su valor predeterminado, el token CSRF no sé eliminó correctamente de la URL de retorno de la acción de import... • http://www.securityfocus.com/bid/94536 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9847 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9847
11 Dec 2016 — An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. • http://www.securityfocus.com/bid/94524 • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9848 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-9848
11 Dec 2016 — An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. phpinfo (phpinfo.php) muestra información PHP incluyendo valores de cookies HttpOnly. Todas las versiones 4.6.x (anteriores a 4.6.5), versiones 4.4.x (anteriores a 4.4.15.9) y versiones 4.0.x (anteriores a 4.0.10.18) están a... • http://www.securityfocus.com/bid/94523 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5097 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5097
05 Jul 2016 — phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs. phpMyAdmin en versiones anteriores a 4.6.2 emplaza tokens en cadenas de consulta y no gestiona su eliminación antes de la navegación externa, lo que permite a atacantes remotos obtener información sensible leyendo (1) peticiones HTTP o (2) los registros del servidor. Multi... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5098 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5098
05 Jul 2016 — Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. Vulnerabilidad de salto de directorio en libraries/error_report.lib.php en phpMyAdmin en versiones anteriores a 4.6.2-prerelease permite a atacantes remotos determinar la existencia de archivos arbitrarios desencadenando un error. Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could ... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 30EXPL: 0CVE-2016-5099 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5099
05 Jul 2016 — Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding. Vulnerabilidad de XSS en phpMyAdmin 4.4.x en versiones anteriores a 4.4.15.6 y 4.6.x en versiones anteriores a 4.6.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de caracteres especiales que no son manejados adecuadamente durante l... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •