OVAL

[3.4] phpmyadmin: Multiple vulnerabilities (Various CVEs)

ID: oval:org.secpod.oval:def:1800532
Date: (C)2018-03-28   (M)2023-12-20
Class: PATCH
Family: unix




CVE-2016-9847: Unsafe generation of blowfish secret. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18, or newer or apply patch. Reference:

CVE-2016-9848: phpinfo information leak value of sensitive cookies. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18. Reference:

CVE-2016-9849: Username deny rules bypass by using Null Byte. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18, or newer or apply patch. Reference:

CVE-2016-9850: Username rule matching issues. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18, or newer or apply patch. Reference:

CVE-2016-9851: With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions and 4.4.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9 or newer or apply patch. Reference:

CVE-2016-9852 CVE-2016-9853 CVE-2016-9854 CVE-2016-9855: Multiple full path disclosure vulnerabilities. All 4.6.x versions and 4.4.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, or newer or apply patch. Reference:

CVE-2016-9856 CVE-2016-9857: Multiple XSS vulnerabilities. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18, or newer or apply patch. Reference:

CVE-2016-9858 CVE-2016-9859 CVE-2016-9860: We consider these vulnerabilities to be of moderate severity. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18, or newer or apply patch. Reference:

CVE-2016-9861: Bypass white-list protection for URL redirection. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Reference:

CVE-2016-9862: BBCode injection vulnerability. All 4.6.x versions are affected. Upgrade to phpMyAdmin 4.6.5 or newer or apply patch. Reference:

CVE-2016-9863: DOS vulnerability in table partitioning. All 4.6.x versions are affected. Upgrade to phpMyAdmin 4.6.5 or newer or apply patch. Reference:

CVE-2016-9864: Multiple SQL injection vulnerabilities. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18, or newer or apply patch. Reference:

CVE-2016-9865: Incorrect serialized string parsing. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18, or newer or apply patch.

CVE-2016-9866: CSRF token not stripped from the URL. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18, or newer or apply patch. Reference:

Platform:
Alpine Linux 3.4
Product:
phpmyadmin
Reference:
6596
CVE-2016-9847
CVE-2016-9848
CVE-2016-9849
CVE-2016-9850
CVE-2016-9851
CVE-2016-9852
CVE-2016-9853
CVE-2016-9854
CVE-2016-9855
CVE-2016-9856
CVE-2016-9857
CVE-2016-9858
CVE-2016-9859
CVE-2016-9860
CVE-2016-9861
CVE-2016-9862
CVE-2016-9863
CVE-2016-9864
CVE-2016-9865
CVE-2016-9866
CPE    52
cpe:/a:phpmyadmin:phpmyadmin:4.4.13.1
cpe:/a:phpmyadmin:phpmyadmin:4.0.4.2
cpe:/a:phpmyadmin:phpmyadmin
cpe:/a:phpmyadmin:phpmyadmin:4.0.4.1
...

© SecPod Technologies