VYPR

rpm package

opensuse/phpMyAdmin&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Tumbleweed

Vulnerabilities (163)

  • CVE-2016-9863 | High | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected.

  • CVE-2016-9862 | High | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected.

  • CVE-2016-9861 | High | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

  • CVE-2016-9860 | Medium | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18

  • CVE-2016-9859 | Medium | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

  • CVE-2016-9858 | Medium | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affe

  • CVE-2016-9857 | Medium | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

  • CVE-2016-9856 | Medium | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior

  • CVE-2016-9855 | Medium | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution ti

  • CVE-2016-9854 | Medium | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution ti

  • CVE-2016-9853 | Medium | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution ti

  • CVE-2016-9852 | Medium | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution ti

  • CVE-2016-9851 | Medium | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.

  • CVE-2016-9850 | Medium | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions

  • CVE-2016-9849 | Critical | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (pr

  • CVE-2016-9848 | Medium | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

  • CVE-2016-9847 | Medium | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determi

  • CVE-2016-6633 | High | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior

  • CVE-2016-6632 | Medium | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

  • CVE-2016-6631 | High | Dec 11, 2016
    affected < 4.6.5.2-1.1, fixed 4.6.5.2-1.1

    An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the fil

Page 3 of 9