CVE-2016-6632
CVE-2016-6632 affects phpMyAdmin: under certain conditions, temporary files may not be deleted during ESRI-file imports. Affected versions include all 4.6.x before 4.6.4, 4.4.x before 4.4.15.8, and 4.0.x before 4.0.10.17. Remediation guidance from connected documents: Debian LTS fixes apply to ph...
CVE-2016-6624
CVE-2016-6624 affects phpMyAdmin: IPv6 in proxy setups can bypass IP-based authentication when the proxy is allowed but the client is not. Affected versions are 4.6.x before 4.6.4, 4.4.x before 4.4.15.8, and 4.0.x before 4.0.10.17. The vulnerability allows the attacking host to connect despite IP...
CVE-2016-6620
CVE-2016-6620 affects phpMyAdmin: the vulnerability arises when data is passed to unserialize() without validating serialized data, enabling potential code execution through object instantiation/autoloading. Affected versions are all 4.6.x before 4.6.4, 4.4.x before 4.4.15.8, and 4.0.x before 4.0...
CVE-2016-9850
CVE-2016-9850 affects phpMyAdmin; root cause is non-constant execution time in username matching for allow/deny rules, which may cause wrong matches and exposure of the username in rules. Affected versions: phpMyAdmin 4.6.x before 4.6.5, 4.4.x before 4.4.15.9, and 4.0.x before 4.0.10.18. Impact i...
CVE-2016-6606
phpMyAdmin is affected by CVE-2016-6606 due to a padding oracle vulnerability in cookie-based encryption that could allow an attacker with access to a user’s browser cookie to decrypt the stored username and password. The issue also stems from reusing the same IV to hash the username and password...
CVE-2016-6615
CVE-2016-6615 describes cross-site scripting (XSS) issues in phpMyAdmin. Affected areas include the navigation pane, database/table hiding feature, the Tracking feature, and the GIS visualization feature. All 4.6.x versions prior to 4.6.4 and 4.4.x versions prior to 4.4.15.8 are affected. The pro...
CVE-2016-6607
XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following...
CVE-2016-6629
An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way that bypasses the servers defined by ArbitraryServerRegexp. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x...
CVE-2016-6622
phpMyAdmin DoS (CVE-2016-6622): An unauthenticated user can trigger a denial-of-service by forcing persistent connections when phpMyAdmin is configured with $cfg['AllowArbitraryServer']=true. Affected versions: all 4.6.x prior to 4.6.4, 4.4.x prior to 4.4.15.8, and 4.0.x prior to 4.0.10.17. Conne...
CVE-2016-6614
CVE-2016-6614 affects phpMyAdmin and is caused by the %u username replacement used by SaveDir and UploadDir, enabling a specially crafted username to bypass file-system restrictions (Filesystem traversal). Affected versions: all 4.6.x prior to 4.6.4, all 4.4.x prior to 4.4.15.8, and all 4.0.x pri...
CVE-2016-6623
CVE-2016-6623 affects phpMyAdmin: an authorized user can cause a denial-of-service on the server by passing large values to a loop. Affected versions include all 4.6.x before 4.6.4, 4.4.x before 4.4.15.8, and 4.0.x before 4.0.10.17. The issue is a DoS condition due to looping with large inputs; n...
CVE-2016-9853
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...
CVE-2016-6618
CVE-2016-6618 affects phpMyAdmin: the transformation feature can trigger a denial-of-service on the server. Affected are all 4.6.x versions before 4.6.4, all 4.4.x versions before 4.4.15.8, and all 4.0.x versions before 4.0.10.17. The vulnerability is due to the transformation functionality, lead...
CVE-2016-9860
An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
CVE-2016-9851
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions prior to 4.6.5, and 4.4.x versions prior to 4.4.15.9 are affected...
CVE-2016-6625
Summary: CVE-2016-6625 affects phpMyAdmin. An information-disclosure vulnerability allows an attacker to determine whether a user is logged in to phpMyAdmin. Affected versions are all 4.6.x before 4.6.4, 4.4.x before 4.4.15.8, and 4.0.x before 4.0.10.17. The disclosure does not expose the user’s ...
CVE-2016-6622
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...
CVE-2016-6619
CVE-2016-6619 is a SQL injection vulnerability in phpMyAdmin's user interface preference feature. The flaw allows an attacker to inject SQL against the control user account by exploiting inadequate input sanitization in the UI, affecting multiple branches: 4.6.x (pre-4.6.4), 4.4.x (pre-4.4.15.8),...
CVE-2016-9860
CVE-2016-9860 describes a DoS in phpMyAdmin when $cfg['AllowArbitraryServer']=true. Affected are phpMyAdmin 4.6.x before 4.6.5, 4.4.x before 4.4.15.9, and 4.0.x before 4.0.10.18. Root cause is unauthenticated DoS via arbitrary servers; impact is availability. Remediation per connected sources: up...
CVE-2016-9851
CVE-2016-9851 (phpMyAdmin): A vulnerability allows bypass of the logout timeout via a crafted request parameter. Affected are all 4.6.x versions prior to 4.6.5 and 4.4.x versions prior to 4.4.15.9. The issue is documented in the initial CVE entry, with CVSS metrics indicating a low to medium imp...