Lucene search
K

6027 matches found

Prion
Prion
added 2016/02/20 1:59 a.m.17 views

Cross site request forgery (csrf)

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value...

5CVSS7AI score0.02477EPSS
Exploits0References8Affected Software4
UbuntuCve
UbuntuCve
added 2016/02/20 1:59 a.m.28 views

CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

7.5CVSS7.2AI score0.02688EPSS
Exploits0References2
Prion
Prion
added 2016/02/20 1:59 a.m.18 views

Design/Logic Flaw

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to 1 libraries/phpseclib/Crypt/AES.php or 2 libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...

5CVSS6.4AI score0.02383EPSS
Exploits0References6Affected Software4
OSV
OSV
added 2016/02/20 1:59 a.m.3 views

UBUNTU-CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...

7.5CVSS7.2AI score0.02648EPSS
Exploits0References3
OSV
OSV
added 2016/02/20 1:59 a.m.2 views

UBUNTU-CVE-2016-2043

Cross-site scripting XSS vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page...

5.4CVSS6.9AI score0.01269EPSS
Exploits0References3
OSV
OSV
added 2016/02/20 1:59 a.m.2 views

UBUNTU-CVE-2016-2044

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

5.3CVSS6.5AI score0.02033EPSS
Exploits0References3
OSV
OSV
added 2016/02/20 1:59 a.m.1 views

DEBIAN-CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

7.5CVSS7.4AI score0.02688EPSS
Exploits0References1
OSV
OSV
added 2016/02/20 1:59 a.m.2 views

UBUNTU-CVE-2016-2040

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a 1 table name, 2 SET value, 3 search query, or 4 hostname in a Location header...

5.4CVSS6.8AI score0.01642EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2016/02/20 1:59 a.m.23 views

CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

5.3CVSS6.8AI score0.02564EPSS
Exploits0References2
OSV
OSV
added 2016/02/20 1:59 a.m.3 views

UBUNTU-CVE-2016-2042

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to 1 libraries/phpseclib/Crypt/AES.php or 2 libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...

5.3CVSS6.4AI score0.02383EPSS
Exploits0References3
OSV
OSV
added 2016/02/20 1:59 a.m.2 views

UBUNTU-CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

7.5CVSS7.2AI score0.02688EPSS
Exploits0References3
OSV
OSV
added 2016/02/20 1:59 a.m.8 views

CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

7.5CVSS7.3AI score
Exploits0References8
OSV
OSV
added 2016/02/20 1:59 a.m.4 views

UBUNTU-CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

5.3CVSS6.8AI score0.02564EPSS
Exploits0References3
OSV
OSV
added 2016/02/20 1:59 a.m.2 views

UBUNTU-CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value...

5.3CVSS6.8AI score0.02477EPSS
Exploits0References3
OSV
OSV
added 2016/02/20 1:59 a.m.2 views

UBUNTU-CVE-2016-2045

Cross-site scripting XSS vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response...

5.4CVSS6.6AI score0.01531EPSS
Exploits0References3
Cvelist
Cvelist
added 2016/02/20 1:0 a.m.30 views

CVE-2016-2043

Cross-site scripting XSS vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page...

5.2AI score0.01269EPSS
Exploits0References6
Cvelist
Cvelist
added 2016/02/20 1:0 a.m.30 views

CVE-2016-2044

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

5.4AI score0.02033EPSS
Exploits0References4
Cvelist
Cvelist
added 2016/02/20 1:0 a.m.20 views

CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...

7.4AI score0.02648EPSS
Exploits0References7
Cvelist
Cvelist
added 2016/02/20 1:0 a.m.22 views

CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

7.2AI score0.02688EPSS
Exploits0References8
Cvelist
Cvelist
added 2016/02/20 1:0 a.m.25 views

CVE-2016-2042

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to 1 libraries/phpseclib/Crypt/AES.php or 2 libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...

5.2AI score0.02383EPSS
Exploits0References6
Rows per page
Query Builder