Lucene search
K

6027 matches found

CVE
CVE
added 2016/07/03 1:0 a.m.81 views

CVE-2016-5705

CVE-2016-5705 affects phpMyAdmin 4.4.x < 4.4.15.7 and 4.6.x

6.1CVSS7AI score0.0132EPSS
Exploits0References11Affected Software2
CVE
CVE
added 2016/07/03 1:0 a.m.68 views

CVE-2016-5731

CVE-2016-5731 is a cross‑site scripting (XSS) vulnerability in the phpMyAdmin OpenID authentication flow. The issue affects phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3, where an OpenID error message can be manipulated to inject arbitrary web script or HTML via...

6.1CVSS6.7AI score0.01761EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2016/07/03 1:0 a.m.83 views

CVE-2016-5701

CVE-2016-5701 affects phpMyAdmin; BBCode injection can be triggered in HTTP sessions via a crafted URI in setup/frames/index.inc.php. Affected versions include 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3. Debian notes the vulnerability among phpMyAdmin fixes and, i...

6.1CVSS7.4AI score0.01549EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2016/07/03 1:0 a.m.70 views

CVE-2016-5739

CVE-2016-5739 affects phpMyAdmin: Transformation feature vulnerability in 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3. Root cause is omission of no-referrer CSP, enabling CSRF token leakage via Referer header. Impact: potential exposure/read of authentication token enabl...

7.5CVSS8.4AI score0.02892EPSS
Exploits0References8Affected Software2
CVE
CVE
added 2016/07/03 1:0 a.m.81 views

CVE-2016-5733

CVE-2016-5733 describes multiple XSS vulnerabilities in phpMyAdmin across 4.0.x < 4.0.10.16, 4.4.x < 4.4.15.7, and 4.6.x

6.1CVSS6.9AI score0.0219EPSS
Exploits0References14Affected Software1
CVE
CVE
added 2016/07/03 1:0 a.m.68 views

CVE-2016-5732

Consolidated detail: CVE-2016-5732 affects phpMyAdmin 4.6.x prior to 4.6.3. The vulnerability is a cross-site scripting (XSS) flaw in the partition-range handling implemented in templates/table/structure/display_partitions.phtml, allowing remote attackers to inject arbitrary web script or HTML vi...

6.1CVSS7AI score0.01636EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2016/07/03 1:0 a.m.70 views

CVE-2016-5706

CVE-2016-5706 affects phpMyAdmin, where a denial of service is possible by sending a large array in the scripts parameter. Affected branches are 4.0.x prior to 4.0.10.16, 4.4.x prior to 4.4.15.7, and 4.6.x prior to 4.6.3. The NVD metrics show a CVSS v2 base score of 5.0 (Medium) and CVSS v3 base ...

7.5CVSS7.9AI score0.02814EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2016/07/03 1:0 a.m.70 views

CVE-2016-5703

phpMyAdmin is affected: versions 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 contain an SQL injection in libraries/central_columns.lib.php caused by improper sanitization of the database name in central column queries. This allows remote attackers to execute arbitrary SQL commands. Remediation: ...

9.8CVSS9.6AI score0.02323EPSS
Exploits0References6Affected Software2
Debian CVE
Debian CVE
added 2016/07/03 1:0 a.m.20 views

CVE-2016-5704

Cross-site scripting XSS vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...

6.1CVSS7.1AI score0.01644EPSS
Exploits0
Debian CVE
Debian CVE
added 2016/07/03 1:0 a.m.27 views

CVE-2016-5703

SQL injection vulnerability in libraries/centralcolumns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query...

9.8CVSS9.9AI score0.02323EPSS
Exploits0
Debian CVE
Debian CVE
added 2016/07/03 1:0 a.m.23 views

CVE-2016-5705

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 server-privileges certificate data fields on the user privileges page, 2 an "invalid JSON" error messa...

6.1CVSS7.5AI score0.0132EPSS
Exploits0
Debian CVE
Debian CVE
added 2016/07/03 1:0 a.m.37 views

CVE-2016-5734

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

9.8CVSS9.7AI score0.81373EPSS
Exploits8
Debian CVE
Debian CVE
added 2016/07/03 1:0 a.m.26 views

CVE-2016-5732

Multiple cross-site scripting XSS vulnerabilities in the partition-range implementation in templates/table/structure/displaypartitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters...

6.1CVSS7.4AI score0.01636EPSS
Exploits0
Debian CVE
Debian CVE
added 2016/07/03 1:0 a.m.29 views

CVE-2016-5730

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving 1 an array value to FormDisplay.php, 2 incorrect data to validate.php, 3 unexpected data to Validator.php, 4 a missing config directory...

5.3CVSS7.1AI score0.02616EPSS
Exploits0
Debian CVE
Debian CVE
added 2016/07/03 1:0 a.m.24 views

CVE-2016-5731

Cross-site scripting XSS vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message...

6.1CVSS7.2AI score0.01761EPSS
Exploits0
Debian CVE
Debian CVE
added 2016/07/03 1:0 a.m.30 views

CVE-2016-5739

The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy CSP protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication toke...

7.5CVSS8.7AI score0.02892EPSS
Exploits0
Debian CVE
Debian CVE
added 2016/07/03 1:0 a.m.32 views

CVE-2016-5702

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...

4.3CVSS6.8AI score0.01689EPSS
Exploits0
Debian CVE
Debian CVE
added 2016/07/03 1:0 a.m.25 views

CVE-2016-5706

js/getscripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter...

7.5CVSS8.2AI score0.02814EPSS
Exploits0
Debian CVE
Debian CVE
added 2016/07/03 1:0 a.m.24 views

CVE-2016-5733

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a crafted table name that is mishandled during privilege checking in...

6.1CVSS7.5AI score0.0219EPSS
Exploits0
Cvelist
Cvelist
added 2016/07/03 1:0 a.m.23 views

CVE-2016-5703

SQL injection vulnerability in libraries/centralcolumns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query...

9.7AI score0.02323EPSS
Exploits0References6
Rows per page
Query Builder