CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5098 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5098
05 Jul 2016 — Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. Vulnerabilidad de salto de directorio en libraries/error_report.lib.php en phpMyAdmin en versiones anteriores a 4.6.2-prerelease permite a atacantes remotos determinar la existencia de archivos arbitrarios desencadenando un error. Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could ... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 30EXPL: 0CVE-2016-5099 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5099
05 Jul 2016 — Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding. Vulnerabilidad de XSS en phpMyAdmin 4.4.x en versiones anteriores a 4.4.15.6 y 4.6.x en versiones anteriores a 4.6.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de caracteres especiales que no son manejados adecuadamente durante l... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 62EXPL: 0CVE-2016-5701 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5701
03 Jul 2016 — setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. setup/frames/index.inc.php en phpMyAdmin 4.0.10.x en versiones anteriores a 4.0.10.16, 4.4.15.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones anteriores a 4.6.3 permite a atacantes remotos llevar a cabo ataques de inyección BBCode contra sesiones HTTP a través de una URI manipulada. ... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-5702 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5702
03 Jul 2016 — phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. phpMyAdmin 4.6.x en versiones anteriores a 4.6.3, cuando el entorno carece de valor PHP_SELF, permite a atacantes remotos llevar a cabo ataques de inyección cookie-attribute a través de una URI manipulada. Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution. Versions less than 4.6.5.1... • https://github.com/phpmyadmin/phpmyadmin/commit/27caf5b46bd0890e576fea7bd7b166a0639fdf68 • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 1%CPEs: 34EXPL: 0CVE-2016-5703 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5703
03 Jul 2016 — SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query. Vulnerbilidad de inyección SQL en libraries/central_columns.lib.php en phpMyAdmin 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x before 4.6.3 permite a atacantes remotos ejecutar comando SQL arbitrarios a través de un nombre de database manipulado que es... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-5704 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5704
03 Jul 2016 — Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment. Vulnerabilidad de XSS en la página table-structure en phpMyAdmin 4.6.x en versiones anteriores a 4.6.3 permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarios a través de vectores relacionados con comentarios. Multiple vulnerabilities have been found in phpMyAdmin, the worst of which co... • https://github.com/phpmyadmin/phpmyadmin/commit/72213573182896bd6a6e5af5ba1881dd87c4a20b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 0CVE-2016-5705 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5705
03 Jul 2016 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.4.x... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 62EXPL: 0CVE-2016-5706 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5706
03 Jul 2016 — js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. js/get_scripts.js.php en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones anteriores a 4.6.3 permite a atacantes remotos provocar una denegación de servicio a través de una gran variedad en el parámetro de secuencias de comandos. Multiple vul... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 1%CPEs: 62EXPL: 0CVE-2016-5730 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5730
03 Jul 2016 — phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message. phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y ... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 62EXPL: 0CVE-2016-5731 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5731
03 Jul 2016 — Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. Vulnerabilidad de XSS en examples/openid.php en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones anteriores a 4.6.3 permiten a atacantes remotos inyectar comandos de secuencias web o HTML... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •