Lucene search
K

6027 matches found

OpenVAS
OpenVAS
added 2016/02/23 12:0 a.m.25 views

phpMyAdmin Multiple Vulnerabilities -03 (Feb 2016)

phpMyAdmin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...

5.4CVSS6.7AI score0.02383EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2016/02/22 12:0 a.m.36 views

phpMyAdmin Multiple Vulnerabilities (PMASA-2016-8, PMASA-2016-9) - Active Check

phpMyAdmin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...

5.4CVSS6.7AI score0.02033EPSS
Exploits0References4
OSV
OSV
added 2016/02/20 1:59 a.m.8 views

CVE-2016-2045

Cross-site scripting XSS vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response...

5.4CVSS6.5AI score
Exploits0References5
OSV
OSV
added 2016/02/20 1:59 a.m.1 views

DEBIAN-CVE-2016-2045

Cross-site scripting XSS vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response...

5.4CVSS8.3AI score0.01531EPSS
Exploits0References1
NVD
NVD
added 2016/02/20 1:59 a.m.19 views

CVE-2016-2044

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

5.3CVSS5.5AI score0.02033EPSS
Exploits0References4
OSV
OSV
added 2016/02/20 1:59 a.m.7 views

CVE-2016-2044

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

5.3CVSS5.3AI score
Exploits0References4
OSV
OSV
added 2016/02/20 1:59 a.m.1 views

DEBIAN-CVE-2016-2044

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

5.3CVSS9.4AI score0.02033EPSS
Exploits0References1
NVD
NVD
added 2016/02/20 1:59 a.m.18 views

CVE-2016-2043

Cross-site scripting XSS vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page...

5.4CVSS5.3AI score0.01269EPSS
Exploits0References6
OSV
OSV
added 2016/02/20 1:59 a.m.6 views

CVE-2016-2043

Cross-site scripting XSS vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page...

5.4CVSS5.1AI score
Exploits0References6
OSV
OSV
added 2016/02/20 1:59 a.m.2 views

DEBIAN-CVE-2016-2043

Cross-site scripting XSS vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page...

5.4CVSS5.2AI score0.01269EPSS
Exploits0References1
NVD
NVD
added 2016/02/20 1:59 a.m.17 views

CVE-2016-2042

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to 1 libraries/phpseclib/Crypt/AES.php or 2 libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...

5.3CVSS5.3AI score0.02383EPSS
Exploits0References6
OSV
OSV
added 2016/02/20 1:59 a.m.1 views

DEBIAN-CVE-2016-2042

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to 1 libraries/phpseclib/Crypt/AES.php or 2 libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...

5.3CVSS9.1AI score0.02383EPSS
Exploits0References1
OSV
OSV
added 2016/02/20 1:59 a.m.8 views

CVE-2016-2042

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to 1 libraries/phpseclib/Crypt/AES.php or 2 libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...

5.3CVSS5AI score
Exploits0References6
NVD
NVD
added 2016/02/20 1:59 a.m.11 views

CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...

7.5CVSS7.4AI score0.02648EPSS
Exploits0References7
OSV
OSV
added 2016/02/20 1:59 a.m.8 views

CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...

7.5CVSS7.4AI score
Exploits0References7
OSV
OSV
added 2016/02/20 1:59 a.m.1 views

DEBIAN-CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...

7.5CVSS9.4AI score0.02648EPSS
Exploits0References1
NVD
NVD
added 2016/02/20 1:59 a.m.23 views

CVE-2016-2040

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a 1 table name, 2 SET value, 3 search query, or 4 hostname in a Location header...

5.4CVSS5.9AI score0.01642EPSS
Exploits0References9
OSV
OSV
added 2016/02/20 1:59 a.m.3 views

DEBIAN-CVE-2016-2040

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a 1 table name, 2 SET value, 3 search query, or 4 hostname in a Location header...

5.4CVSS8.3AI score0.01642EPSS
Exploits0References1
OSV
OSV
added 2016/02/20 1:59 a.m.9 views

CVE-2016-2040

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a 1 table name, 2 SET value, 3 search query, or 4 hostname in a Location header...

5.4CVSS5.8AI score
Exploits0References9
NVD
NVD
added 2016/02/20 1:59 a.m.17 views

CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value...

5.3CVSS6.2AI score0.02477EPSS
Exploits0References8
Rows per page
Query Builder