CVE-2016-6607

XSS issues were discovered in phpMyAdmin. This affects Zoom search specially crafted column content can be used to trigger an XSS attack; GIS editor certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack; Relation view; the following...

CVE-2016-6607

XSS issues were discovered in phpMyAdmin. This affects Zoom search specially crafted column content can be used to trigger an XSS attack; GIS editor certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack; Relation view; the following...

ALPINE-CVE-2016-6607

XSS issues were discovered in phpMyAdmin. This affects Zoom search specially crafted column content can be used to trigger an XSS attack; GIS editor certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack; Relation view; the following...

DEBIAN-CVE-2016-6607

XSS issues were discovered in phpMyAdmin. This affects Zoom search specially crafted column content can be used to trigger an XSS attack; GIS editor certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack; Relation view; the following...

CVE-2016-6606

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...

CVE-2016-6606

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...

DEBIAN-CVE-2016-6606

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...

ALPINE-CVE-2016-6606

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...

CVE-2016-4412

An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions prior to 4.0.10.16 are affected...

DEBIAN-CVE-2016-4412

An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions prior to 4.0.10.16 are affected...

CVE-2016-4412

An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions prior to 4.0.10.16 are affected...

CVE-2016-9855

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

UBUNTU-CVE-2016-6614

An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions prior...

UBUNTU-CVE-2016-6626

An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

UBUNTU-CVE-2016-6606

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...

UBUNTU-CVE-2016-9848

An issue was discovered in phpMyAdmin. phpinfo phpinfo.php shows PHP information including values of HttpOnly cookies. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

UBUNTU-CVE-2016-6632

An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

UBUNTU-CVE-2016-6624

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the...

UBUNTU-CVE-2016-9857

An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

UBUNTU-CVE-2016-6615

XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature a specially-crafted database name can be used to trigger an XSS attack; the "Tracking" feature a specially-crafted query can be used to trigger an XSS attack; and GIS visualization feature. Al...