Lucene search
K

6027 matches found

OSV
OSV
added 2016/02/20 1:59 a.m.1 views

DEBIAN-CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value...

5.3CVSS9.5AI score0.02477EPSS
Exploits0References1
OSV
OSV
added 2016/02/20 1:59 a.m.6 views

CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value...

5.3CVSS6.2AI score
Exploits0References8
NVD
NVD
added 2016/02/20 1:59 a.m.16 views

CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

5.3CVSS5.8AI score0.02564EPSS
Exploits0References11
OSV
OSV
added 2016/02/20 1:59 a.m.2 views

DEBIAN-CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

5.3CVSS5.9AI score0.02564EPSS
Exploits0References1
OSV
OSV
added 2016/02/20 1:59 a.m.6 views

CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

5.3CVSS7.1AI score
Exploits0References11
Prion
Prion
added 2016/02/20 1:59 a.m.19 views

Cross site request forgery (csrf)

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...

5CVSS7AI score0.02648EPSS
Exploits0References7Affected Software4
UbuntuCve
UbuntuCve
added 2016/02/20 1:59 a.m.25 views

CVE-2016-2042

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to 1 libraries/phpseclib/Crypt/AES.php or 2 libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...

5.3CVSS6.4AI score0.02383EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2016/02/20 1:59 a.m.26 views

CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...

7.5CVSS7.2AI score0.02648EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2016/02/20 1:59 a.m.33 views

CVE-2016-2045

Cross-site scripting XSS vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response...

5.4CVSS6.5AI score0.01531EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2016/02/20 1:59 a.m.28 views

CVE-2016-2044

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

5.3CVSS6.5AI score0.02033EPSS
Exploits0References2
Prion
Prion
added 2016/02/20 1:59 a.m.18 views

Design/Logic Flaw

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

5CVSS6.8AI score0.02688EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2016/02/20 1:59 a.m.17 views

Design/Logic Flaw

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

5CVSS6.4AI score0.02564EPSS
Exploits0References11Affected Software4
Prion
Prion
added 2016/02/20 1:59 a.m.23 views

Design/Logic Flaw

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

5CVSS7AI score0.02033EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2016/02/20 1:59 a.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response...

3.5CVSS6AI score0.01531EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2016/02/20 1:59 a.m.25 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a 1 table name, 2 SET value, 3 search query, or 4 hostname in a Location header...

3.5CVSS5.5AI score0.01642EPSS
Exploits0References9Affected Software4
UbuntuCve
UbuntuCve
added 2016/02/20 1:59 a.m.29 views

CVE-2016-2040

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a 1 table name, 2 SET value, 3 search query, or 4 hostname in a Location header...

5.4CVSS6.8AI score0.01642EPSS
Exploits0References2
Prion
Prion
added 2016/02/20 1:59 a.m.20 views

Cross site scripting

Cross-site scripting XSS vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page...

3.5CVSS5.6AI score0.01269EPSS
Exploits0References6Affected Software4
NVD
NVD
added 2016/02/20 1:59 a.m.14 views

CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

7.5CVSS7.3AI score0.02688EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2016/02/20 1:59 a.m.38 views

CVE-2016-2043

Cross-site scripting XSS vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page...

5.4CVSS6.6AI score0.01269EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2016/02/20 1:59 a.m.23 views

CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value...

5.3CVSS6.9AI score0.02477EPSS
Exploits0References2
Rows per page
Query Builder