
1270 matches found

OSV
added 2016/03/01 11:59 a.m., 1 views

DEBIAN-CVE-2016-2561

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3)...

5.4 CVSS, 5.8 AI score, 0.00532 EPSS
Exploits 0, References 1
OSV
added 2016/03/01 11:59 a.m., 0 views

UBUNTU-CVE-2016-2561

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3)...

5.4 CVSS, 6.7 AI score, 0.00532 EPSS
Exploits 0, References 9
UbuntuCve
added 2016/03/01 11:59 a.m., 20 views

CVE-2016-2561

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3)...

5.4 CVSS, 6.8 AI score, 0.00532 EPSS
Exploits 0, References 8
Debian CVE
added 2016/03/01 11:0 a.m., 27 views

CVE-2016-2561

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3)...

5.4 CVSS, 6 AI score, 0.00532 EPSS
Exploits 0
Cvelist
added 2016/03/01 11:0 a.m., 22 views

CVE-2016-2561

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3)...

5.7 AI score, 0.00532 EPSS
Exploits 0, References 12
FreeBSD
added 2016/02/29 12:0 a.m., 29 views

phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability

The phpMyAdmin development team reports: XSS vulnerability in SQL parser. Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. We consider this vulnerability to be non-critical. Multiple XSS vulnerabilities. By sending a specially crafted URL as part of t...

6.8 CVSS, 1.4 AI score, 0.0134 EPSS
Exploits 0, References 4
OSV
added 2016/02/20 1:59 a.m., 1 views

DEBIAN-CVE-2016-2043

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page...

5.4 CVSS, 5.2 AI score, 0.00394 EPSS
Exploits 0, References 1
UbuntuCve
added 2016/02/20 1:59 a.m., 32 views

CVE-2016-2043

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page...

5.4 CVSS, 6.6 AI score, 0.00394 EPSS
Exploits 0, References 2
Prion
added 2016/02/20 1:59 a.m., 17 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page...

3.5 CVSS, 5.6 AI score, 0.00394 EPSS
Exploits 0, References 6, Affected Software 4
OSV
added 2016/02/20 1:59 a.m., 1 views

UBUNTU-CVE-2016-2043

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page...

5.4 CVSS, 6.9 AI score, 0.00394 EPSS
Exploits 0, References 3
Debian CVE
added 2016/02/20 1:0 a.m., 35 views

CVE-2016-2043

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page...

5.4 CVSS, 5.4 AI score, 0.00394 EPSS
Exploits 0
Cvelist
added 2016/02/20 1:0 a.m., 26 views

CVE-2016-2043

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page...

5.2 AI score, 0.00394 EPSS
Exploits 0, References 6
Tenable Nessus
added 2016/02/09 12:0 a.m., 32 views

openSUSE Security Update : phpMyAdmin 4.4.15.4 (openSUSE-2016-168)

Security update to phpMyAdmin 4.4.15.4 The following vulnerabilities were fixed: boo964024 - CVE-2016-2038: Multiple full path disclosure vulnerabilities - CVE-2016-2039: Unsafe generation of XSRF/CSRF token - CVE-2016-2040: Multiple XSS vulnerabilities - CVE-2016-1927: Insecure password...

7.5 CVSS, 6.2 AI score, 0.01204 EPSS
Exploits 0, References 8
Tenable Nessus
added 2016/02/08 12:0 a.m., 27 views

openSUSE Security Update : phpMyAdmin (openSUSE-2016-151)

This update to phpMyAdmin 4.4.15.4 fixes the following issues boo964024 - CVE-2016-2038: Multiple full path disclosure vulnerabilities - CVE-2016-2039: Unsafe generation of XSRF/CSRF token - CVE-2016-2040: Multiple XSS vulnerabilities - CVE-2016-1927: Insecure password generation in JavaScript -...

7.5 CVSS, 6.1 AI score, 0.01204 EPSS
Exploits 0, References 8
RedHat Linux
added 2016/01/29 3:11 p.m., 0 views

tomcat: URL Normalization issue

A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...

4.3 CVSS, 6.6 AI score, 0.04801 EPSS
Exploits 0, References 5
FreeBSD
added 2016/01/28 12:0 a.m., 30 views

phpmyadmin -- XSS vulnerability in normalization page

The phpMyAdmin development team reports: With a crafted table name it is possible to trigger an XSS attack in the database normalization page. We consider this vulnerability to be non-critical. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token...

5.4 CVSS, 3.1 AI score, 0.00394 EPSS
Exploits 0, References 1
RedHat Linux
added 2015/12/16 6:19 p.m., 0 views

tomcat: URL Normalization issue

A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...

4.3 CVSS, 6.6 AI score, 0.04801 EPSS
Exploits 0, References 5
FreeBSD
added 2015/09/14 12:0 a.m., 23 views

h2o -- directory traversal vulnerability

Yakuzo reports: H2O up to version 1.4.4 / 1.5.0-beta1 contains a flaw in its URL normalization logic. When file.dir directive is used, this flaw allows a remote attacker to retrieve arbitrary files that exist outside the directory specified by the directive. H2O version 1.4.5 and version...

4.3 CVSS, 6.6 AI score, 0.00242 EPSS
Exploits 0, References 1
Amazon
added 2015/08/04 12:0 a.m., 48 views

Medium: libgcrypt

Issue Overview: Fix a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. CVE-2015-0837 Fix a side-channel attack which can potentially lead to an information leak. CVE-2014-3591 Libgcrypt before 1.5.4, as used in...

5.9 CVSS, 6.4 AI score, 0.00677 EPSS
Exploits 0
Check Point Advisories
added 2015/07/16 12:0 a.m., 1 views

Suspicious Sender Address

Most mail transfer agents perform certain normalizations over mail headers, including the sender address. A non-normalized sender address may imply a non-standard mail transfer agent, which could indicate suspicious activity...

1.6 AI score
Exploits 0