
4627 matches found

OSV
added 2016/02/20 1:59 a.m., 0 views

UBUNTU-CVE-2016-2040

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...

CVSS 5.4, AI score 6.8, EPSS 0.00493
Exploits: 0, References: 3
UbuntuCve
added 2016/02/20 1:59 a.m., 25 views

CVE-2016-2042

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...

CVSS 5.3, AI score 6.4, EPSS 0.00577
Exploits: 0, References: 2
OSV
added 2016/02/20 1:59 a.m., 1 views

UBUNTU-CVE-2016-2042

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...

CVSS 5.3, AI score 6.4, EPSS 0.00577
Exploits: 0, References: 3
OSV
added 2016/02/20 1:59 a.m., 1 views

DEBIAN-CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

CVSS 7.5, AI score 7.4, EPSS 0.00628
Exploits: 0, References: 1
OSV
added 2016/02/20 1:59 a.m., 1 views

UBUNTU-CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

CVSS 5.3, AI score 6.8, EPSS 0.01204
Exploits: 0, References: 3
CVE
added 2016/02/20 1:0 a.m., 68 views

CVE-2016-1927

CVE-2016-1927 – phpMyAdmin password generation weakness: The vulnerability concerns the suggestPassword function in js/functions.js of phpMyAdmin. It relies on JavaScript’s Math.random, making generated passphrases more guessable by remote attackers via brute force. Affected branches are phpMyAd...

CVSS 7.5, AI score 7.2, EPSS 0.00628
Exploits: 0, References: 8, Affected Software: 1
CVE
added 2016/02/20 1:0 a.m., 71 views

CVE-2016-2038

CVE-2016-2038 affects phpMyAdmin: versions 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 are vulnerable. Root cause is an error message that reveals the full path when processing a crafted request, leading to information disclosure. Public references (PMASA-2016-1/6/8) des...

CVSS 5.3, AI score 5.7, EPSS 0.01204
Exploits: 0, References: 11, Affected Software: 1
CVE
added 2016/02/20 1:0 a.m., 82 views

CVE-2016-2039

CVE-2016-2039 — phpMyAdmin CSRF token prediction. The vulnerability affects phpMyAdmin 4.x (notably 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4) where CSRF token values are generated in a way that can be predicted. This enables remote attackers to bypass access restrict...

CVSS 5.3, AI score 6, EPSS 0.00382
Exploits: 0, References: 8, Affected Software: 2
CVE
added 2016/02/20 1:0 a.m., 78 views

CVE-2016-2040

CVE-2016-2040 is an XSS vulnerability in phpMyAdmin affecting multiple branches (4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, 4.5.x before 4.5.4) where remote authenticated users can inject arbitrary script via a Location header, as well as via table name, SET value, or search query. Connected ...

CVSS 5.4, AI score 5.7, EPSS 0.00493
Exploits: 0, References: 9, Affected Software: 1
CVE
added 2016/02/20 1:0 a.m., 89 views

CVE-2016-2041

CVE-2016-2041 affects phpMyAdmin 4.0.x (before 4.0.10.13), 4.4.x (before 4.4.15.3), and 4.5.x (before 4.5.4). The issue is that libraries/common.inc.php does not use a constant‑time comparison for CSRF tokens, enabling timing analysis to bypass access restrictions as described in the initial desc...

CVSS 7.5, AI score 7.3, EPSS 0.01029
Exploits: 0, References: 7, Affected Software: 1
CVE
added 2016/02/20 1:0 a.m., 63 views

CVE-2016-2042

CVE-2016-2042 affects phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4. An information-disclosure path exists in AES.php and Rijndael.php that, when processing a crafted request, reveals the full installation path in an error message. Impact is partial confidentiality disclosure of server p...

CVSS 5.3, AI score 5.1, EPSS 0.00577
Exploits: 0, References: 6, Affected Software: 2
CVE
added 2016/02/20 1:0 a.m., 58 views

CVE-2016-2043

CVE-2016-2043 affects phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4. The vulnerability is a cross-site scripting (XSS) issue in the goToFinish1NF function of js/normalization.js, allowing remote authenticated users to inject arbitrary web script or HTML via a table name to the normaliza...

CVSS 5.4, AI score 5.1, EPSS 0.00394
Exploits: 0, References: 6, Affected Software: 1
CVE
added 2016/02/20 1:0 a.m., 86 views

CVE-2016-2044

CVE-2016-2044 affects phpMyAdmin 4.5.x before 4.5.4. The information disclosure occurs in libraries/sql-parser/autoload.php of the SQL parser, where a crafted request causes an error message that reveals the full installation path to an unauthenticated/remote attacker. The vulnerability is a resu...

CVSS 5.3, AI score 5.4, EPSS 0.00437
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2016/02/20 1:0 a.m., 22 views

CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

AI score 7.2, EPSS 0.00628
Exploits: 0, References: 8
Cvelist
added 2016/02/20 1:0 a.m., 21 views

CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

AI score 5.8, EPSS 0.01204
Exploits: 0, References: 11
Cvelist
added 2016/02/20 1:0 a.m., 22 views

CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value...

AI score 6.1, EPSS 0.00382
Exploits: 0, References: 8
Cvelist
added 2016/02/20 1:0 a.m., 23 views

CVE-2016-2040

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...

AI score 5.9, EPSS 0.00493
Exploits: 0, References: 9
Cvelist
added 2016/02/20 1:0 a.m., 25 views

CVE-2016-2042

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...

AI score 5.2, EPSS 0.00577
Exploits: 0, References: 6
Cvelist
added 2016/02/20 1:0 a.m., 29 views

CVE-2016-2043

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page...

AI score 5.2, EPSS 0.00394
Exploits: 0, References: 6
Cvelist
added 2016/02/20 1:0 a.m., 27 views

CVE-2016-2044

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

AI score 5.4, EPSS 0.00437
Exploits: 0, References: 4