
6027 matches found

Prion
added 2016/03/01 11:59 a.m. | 17 views

Design/Logic Flaw

The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate...

CVSS 5.8 | AI score 6.2 | EPSS 0.00772
Exploits 0 | References 4 | Affected Software 1
UbuntuCve
added 2016/03/01 11:59 a.m. | 24 views

CVE-2016-2559

Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...

CVSS 5.4 | AI score 6.8 | EPSS 0.01712
Exploits 0 | References 3
UbuntuCve
added 2016/03/01 11:59 a.m. | 33 views

CVE-2016-2562

The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate...

CVSS 6.8 | AI score 6.8 | EPSS 0.00772
Exploits 0 | References 3
NVD
added 2016/03/01 11:59 a.m. | 17 views

CVE-2016-2559

Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...

CVSS 5.4 | AI score 5.6 | EPSS 0.01712
Exploits 0 | References 4
UbuntuCve
added 2016/03/01 11:59 a.m. | 24 views

CVE-2016-2561

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3)...

CVSS 5.4 | AI score 6.8 | EPSS 0.02468
Exploits 0 | References 8
Prion
added 2016/03/01 11:59 a.m. | 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3)...

CVSS 3.5 | AI score 5.6 | EPSS 0.02468
Exploits 0 | References 12 | Affected Software 1
OSV
added 2016/03/01 11:59 a.m. | 4 views

UBUNTU-CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

CVSS 6.1 | AI score 6.9 | EPSS 0.03109
Exploits 0 | References 8
OSV
added 2016/03/01 11:59 a.m. | 5 views

CVE-2016-2559

Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...

CVSS 5.4 | AI score 5.4
Exploits 0 | References 4
OSV
added 2016/03/01 11:59 a.m. | 2 views

UBUNTU-CVE-2016-2559

Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...

CVSS 5.4 | AI score 6.8 | EPSS 0.01712
Exploits 0 | References 4
OSV
added 2016/03/01 11:59 a.m. | 1 views

DEBIAN-CVE-2016-2559

Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...

CVSS 5.4 | AI score 8.3 | EPSS 0.01712
Exploits 0 | References 1
Prion
added 2016/03/01 11:59 a.m. | 29 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

CVSS 4.3 | AI score 6.5 | EPSS 0.03109
Exploits 0 | References 11 | Affected Software 1
UbuntuCve
added 2016/03/01 11:59 a.m. | 29 views

CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

CVSS 6.1 | AI score 6.8 | EPSS 0.03109
Exploits 0 | References 7
OSV
added 2016/03/01 11:59 a.m. | 2 views

UBUNTU-CVE-2016-2561

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3)...

CVSS 5.4 | AI score 6.7 | EPSS 0.02468
Exploits 0 | References 9
OSV
added 2016/03/01 11:59 a.m. | 3 views

UBUNTU-CVE-2016-2562

The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate...

CVSS 6.8 | AI score 6.8 | EPSS 0.00772
Exploits 0 | References 4
CVE
added 2016/03/01 11:0 a.m. | 79 views

CVE-2016-2560

The CVE-2016-2560 issue affects phpMyAdmin series: 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1. The vulnerability consists of multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML through several vectors (crafted H...

CVSS 6.1 | AI score 6.2 | EPSS 0.03109
Exploits 0 | References 11 | Affected Software 1
Cvelist
added 2016/03/01 11:0 a.m. | 30 views

CVE-2016-2562

The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate...

AI score 6.1 | EPSS 0.00772
Exploits 0 | References 4
Cvelist
added 2016/03/01 11:0 a.m. | 27 views

CVE-2016-2561

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3)...

AI score 5.7 | EPSS 0.02468
Exploits 0 | References 12
Cvelist
added 2016/03/01 11:0 a.m. | 32 views

CVE-2016-2559

Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...

AI score 5.6 | EPSS 0.01712
Exploits 0 | References 4
CVE
added 2016/03/01 11:0 a.m. | 83 views

CVE-2016-2562

CVE-2016-2562 affects phpMyAdmin 4.5.x before 4.5.5.1. The checkHTTP function in libraries/Config.class.php does not verify X.509 certificates from api.github.com SSL servers, enabling MITM spoofing and potential leakage of sensitive data via a crafted certificate. Connected sources (NVD/PMASA) c...

CVSS 6.8 | AI score 6 | EPSS 0.00772
Exploits 0 | References 4 | Affected Software 1
CVE
added 2016/03/01 11:0 a.m. | 97 views

CVE-2016-2559

CVE-2016-2559 affects phpMyAdmin 4.5.x prior to 4.5.5.1, where the XSS flaw lies in the format function of libraries/sql-parser/src/Utils/Error.php. Exploitation requires an authenticated user to issue a crafted query, enabling injection of script/HTML. The CVSS/metrics indicate a Medium severity...

CVSS 5.4 | AI score 5.4 | EPSS 0.01712
Exploits 0 | References 4 | Affected Software 1