Lucene search
K

130 matches found

CNVD
CNVD
added 2016/07/05 12:0 a.m.4 views

phpMyAdmin Injection Attack Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin 4.6.3...

4.3CVSS7.7AI score0.01689EPSS
Exploits0References1
NVD
NVD
added 2016/07/03 1:59 a.m.18 views

CVE-2016-5702

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...

4.3CVSS4.6AI score0.01689EPSS
Exploits0References3
Prion
Prion
added 2016/07/03 1:59 a.m.23 views

Design/Logic Flaw

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...

4.3CVSS7.1AI score0.01689EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2016/07/03 1:59 a.m.38 views

CVE-2016-5702

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...

4.3CVSS6.8AI score0.01689EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2016/07/03 1:0 a.m.43 views

CVE-2016-5702

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...

4.3CVSS6.8AI score0.01689EPSS
Exploits0
CVE
CVE
added 2016/07/03 1:0 a.m.68 views

CVE-2016-5702

CVE-2016-5702 affects phpMyAdmin 4.6.x prior to 4.6.3. The vulnerability arises when the environment lacks PHP_SELF, enabling cookie-attribute injection via a crafted URI. Affected component is the web management interface; the root cause is missing PHP_SELF handling that allows manipulation of c...

4.3CVSS6.3AI score0.01689EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2016/07/03 1:0 a.m.34 views

CVE-2016-5702

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...

6.5AI score0.01689EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2012/03/01 12:0 a.m.819 views

Missing 'Secure' Cookie Attribute (HTTP)

The remote HTTP web server / application is missing to set the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4AI score
Exploits0References3
CERT
CERT
added 2004/10/12 12:0 a.m.25 views

Multiple networking devices fail to set the "Secure" attribute of a cookie

Overview Multiple vendors' networking devices fail to set the "Secure" cookie attribute and could disclose sensitive information about a user's HTTP session. Description Many networking devices provide a built-in web server, which may support the HTTPS protocol. When a user logs into the device...

2.1CVSS5.6AI score0.00433EPSS
Exploits0References1
NVD
NVD
added 2003/08/18 4:0 a.m.13 views

CVE-2003-0587

Cross-site scripting XSS vulnerability in Infopop Ultimate Bulletin Board UBB 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie...

6.9CVSS6.1AI score0.00545EPSS
Exploits0References1
Rows per page
Query Builder