CVSS: 9.8EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9866
https://notcve.org/view.php?id=CVE-2016-9866
An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Cuando el arg_separator es diferente de su valor predeterminado, el token CSRF no sé eliminó correctamente de la URL de retorno de la acción de importación de preferencias. • http://www.securityfocus.com/bid/94536 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-71 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6625
https://notcve.org/view.php?id=CVE-2016-6625
An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. • http://www.securityfocus.com/bid/92491 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-48 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-9851
https://notcve.org/view.php?id=CVE-2016-9851
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. Se descubrió un problema en phpMyAdmin. Con un valor de parámetro de solicitud manipulado es posible eludir el tiempo de espera de cierre de sesión. • http://www.securityfocus.com/bid/94534 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-62 • CWE-254: 7PK - Security Features •
CVSS: 6.5EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6618
https://notcve.org/view.php?id=CVE-2016-6618
An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. La característica de transformación permite a usuarios desencadenar una ataque de denegación de servicio (DoS) contra el servidor. • http://www.securityfocus.com/bid/95047 https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-41 •
CVSS: 9.8EPSS: 0%CPEs: 63EXPL: 0CVE-2016-9849
https://notcve.org/view.php?id=CVE-2016-9849
An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. Se descubrió un problema en phpMyAdmin. Es posible eludir la restricción AllowRoot ($cfg['Servers'][$i]['AllowRoot']) y denegar reglas para nombres de usuario usando Null Byte en el nombre de usuario. • http://www.securityfocus.com/bid/94521 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-60 • CWE-264: Permissions, Privileges, and Access Controls •