CVE-2016-2040
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...
CVE-2016-2045
CVE-2016-2045 affects phpMyAdmin 4.5.x before 4.5.4. An XSS vulnerability in the SQL editor allows remote authenticated users to inject arbitrary script/HTML via a SQL query that triggers JSON data in the response. Root cause is a cross-site scripting flaw in the SQL editor when handling crafted ...
CVE-2016-2038
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...
CVE-2016-2038
CVE-2016-2038 affects phpMyAdmin: versions 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 are vulnerable. Root cause is an error message that reveals the full path when processing a crafted request, leading to information disclosure. Public references (PMASA-2016-1/6/8) des...
CVE-2016-2040
CVE-2016-2040 is an XSS vulnerability in phpMyAdmin affecting multiple branches (4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, 4.5.x before 4.5.4) where remote authenticated users can inject arbitrary script via a Location header, as well as via table name, SET value, or search query. Connected ...
CVE-2016-2039
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value...
CVE-2016-2042
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...
CVE-2016-2043
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page...
CVE-2016-2045
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response...
CVE-2016-1927
The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...
CVE-2016-2041
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...
CVE-2016-2044
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...
CVE-2016-2044
CVE-2016-2044 affects phpMyAdmin 4.5.x before 4.5.4. The information disclosure occurs in libraries/sql-parser/autoload.php of the SQL parser, where a crafted request causes an error message that reveals the full installation path to an unauthenticated/remote attacker. The vulnerability is a resu...
CVE-2016-2043
CVE-2016-2043 affects phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4. The vulnerability is a cross-site scripting (XSS) issue in the goToFinish1NF function of js/normalization.js, allowing remote authenticated users to inject arbitrary web script or HTML via a table name to the normaliza...
CVE-2016-2041
CVE-2016-2041 affects phpMyAdmin 4.0.x (before 4.0.10.13), 4.4.x (before 4.4.15.3), and 4.5.x (before 4.5.4). The issue is that libraries/common.inc.php does not use a constant‑time comparison for CSRF tokens, enabling timing analysis to bypass access restrictions as described in the initial desc...
CVE-2016-1927
CVE-2016-1927 – phpMyAdmin password generation weakness: The vulnerability concerns the suggestPassword function in js/functions.js of phpMyAdmin. It relies on JavaScript’s Math.random, making generated passphrases more guessable by remote attackers via brute force. Affected branches are phpMyAd...
CVE-2016-2042
CVE-2016-2042 affects phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4. An information-disclosure path exists in AES.php and Rijndael.php that, when processing a crafted request, reveals the full installation path in an error message. Impact is partial confidentiality disclosure of server p...