Lucene search

6027 matches found

Cvelist
added 2016/02/20 1:0 a.m., 28 views

CVE-2016-2040

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...

AI score: 5.9, EPSS: 0.01642
Exploits: 0, References: 9

CVE
added 2016/02/20 1:0 a.m., 81 views

CVE-2016-2045

CVE-2016-2045 affects phpMyAdmin 4.5.x before 4.5.4. An XSS vulnerability in the SQL editor allows remote authenticated users to inject arbitrary script/HTML via a SQL query that triggers JSON data in the response. Root cause is a cross-site scripting flaw in the SQL editor when handling crafted ...

CVSS: 5.4, AI score: 5.7, EPSS: 0.01531
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2016/02/20 1:0 a.m., 24 views

CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

AI score: 5.8, EPSS: 0.02564
Exploits: 0, References: 11

CVE
added 2016/02/20 1:0 a.m., 72 views

CVE-2016-2038

CVE-2016-2038 affects phpMyAdmin: versions 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 are vulnerable. Root cause is an error message that reveals the full path when processing a crafted request, leading to information disclosure. Public references (PMASA-2016-1/6/8) des...

CVSS: 5.3, AI score: 5.7, EPSS: 0.02564
Exploits: 0, References: 11, Affected Software: 1

CVE
added 2016/02/20 1:0 a.m., 80 views

CVE-2016-2040

CVE-2016-2040 is an XSS vulnerability in phpMyAdmin affecting multiple branches (4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, 4.5.x before 4.5.4) where remote authenticated users can inject arbitrary script via a Location header, as well as via table name, SET value, or search query. Connected ...

CVSS: 5.4, AI score: 5.7, EPSS: 0.01642
Exploits: 0, References: 9, Affected Software: 1

Cvelist
added 2016/02/20 1:0 a.m., 27 views

CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value...

AI score: 6.1, EPSS: 0.02477
Exploits: 0, References: 8

Debian CVE
added 2016/02/20 1:0 a.m., 25 views

CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

CVSS: 5.3, AI score: 5.6, EPSS: 0.02564
Exploits: 0

Debian CVE
added 2016/02/20 1:0 a.m., 24 views

CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value...

CVSS: 5.3, AI score: 6.2, EPSS: 0.02477
Exploits: 0

Debian CVE
added 2016/02/20 1:0 a.m., 27 views

CVE-2016-2042

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...

CVSS: 5.3, AI score: 5.5, EPSS: 0.02383
Exploits: 0

Debian CVE
added 2016/02/20 1:0 a.m., 36 views

CVE-2016-2043

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page...

CVSS: 5.4, AI score: 5.4, EPSS: 0.01269
Exploits: 0

Debian CVE
added 2016/02/20 1:0 a.m., 28 views

CVE-2016-2045

Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response...

CVSS: 5.4, AI score: 5.9, EPSS: 0.01531
Exploits: 0

Debian CVE
added 2016/02/20 1:0 a.m., 24 views

CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

CVSS: 7.5, AI score: 7.1, EPSS: 0.02688
Exploits: 0

Debian CVE
added 2016/02/20 1:0 a.m., 24 views

CVE-2016-2040

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...

CVSS: 5.4, AI score: 5.7, EPSS: 0.01642
Exploits: 0

Debian CVE
added 2016/02/20 1:0 a.m., 25 views

CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...

CVSS: 7.5, AI score: 7.3, EPSS: 0.02648
Exploits: 0

Debian CVE
added 2016/02/20 1:0 a.m., 25 views

CVE-2016-2044

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

CVSS: 5.3, AI score: 5.7, EPSS: 0.02033
Exploits: 0

CVE
added 2016/02/20 1:0 a.m., 89 views

CVE-2016-2044

CVE-2016-2044 affects phpMyAdmin 4.5.x before 4.5.4. The information disclosure occurs in libraries/sql-parser/autoload.php of the SQL parser, where a crafted request causes an error message that reveals the full installation path to an unauthenticated/remote attacker. The vulnerability is a resu...

CVSS: 5.3, AI score: 5.4, EPSS: 0.02033
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2016/02/20 1:0 a.m., 60 views

CVE-2016-2043

CVE-2016-2043 affects phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4. The vulnerability is a cross-site scripting (XSS) issue in the goToFinish1NF function of js/normalization.js, allowing remote authenticated users to inject arbitrary web script or HTML via a table name to the normaliza...

CVSS: 5.4, AI score: 5.1, EPSS: 0.01269
Exploits: 0, References: 6, Affected Software: 1

CVE
added 2016/02/20 1:0 a.m., 91 views

CVE-2016-2041

CVE-2016-2041 affects phpMyAdmin 4.0.x (before 4.0.10.13), 4.4.x (before 4.4.15.3), and 4.5.x (before 4.5.4). The issue is that libraries/common.inc.php does not use a constant‑time comparison for CSRF tokens, enabling timing analysis to bypass access restrictions as described in the initial desc...

CVSS: 7.5, AI score: 7.3, EPSS: 0.02648
Exploits: 0, References: 7, Affected Software: 1

CVE
added 2016/02/20 1:0 a.m., 70 views

CVE-2016-1927

CVE-2016-1927 – phpMyAdmin password generation weakness: The vulnerability concerns the suggestPassword function in js/functions.js of phpMyAdmin. It relies on JavaScript’s Math.random, making generated passphrases more guessable by remote attackers via brute force. Affected branches are phpMyAd...

CVSS: 7.5, AI score: 7.2, EPSS: 0.02688
Exploits: 0, References: 8, Affected Software: 1

CVE
added 2016/02/20 1:0 a.m., 64 views

CVE-2016-2042

CVE-2016-2042 affects phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4. An information-disclosure path exists in AES.php and Rijndael.php that, when processing a crafted request, reveals the full installation path in an error message. Impact is partial confidentiality disclosure of server p...

CVSS: 5.3, AI score: 5.1, EPSS: 0.02383
Exploits: 0, References: 6, Affected Software: 2