
6026 matches found

OSV
added 2016/02/20 1:59 a.m., 4 views

CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value...

CVSS 5.3, AI score 6.2
Exploits 0, References 8

OSV
added 2016/02/20 1:59 a.m., 2 views

DEBIAN-CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

CVSS 5.3, AI score 5.9, EPSS 0.01204
Exploits 0, References 1

NVD
added 2016/02/20 1:59 a.m., 15 views

CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

CVSS 5.3, AI score 5.8, EPSS 0.01204
Exploits 0, References 11

OSV
added 2016/02/20 1:59 a.m., 5 views

CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

CVSS 5.3, AI score 7.1
Exploits 0, References 11

UbuntuCve
added 2016/02/20 1:59 a.m., 21 views

CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value...

CVSS 5.3, AI score 6.9, EPSS 0.00382
Exploits 0, References 2

OSV
added 2016/02/20 1:59 a.m., 0 views

UBUNTU-CVE-2016-2040

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...

CVSS 5.4, AI score 6.8, EPSS 0.00493
Exploits 0, References 3

Prion
added 2016/02/20 1:59 a.m., 16 views

Design/Logic Flaw

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

CVSS 5, AI score 6.4, EPSS 0.01204
Exploits 0, References 11, Affected Software 4

UbuntuCve
added 2016/02/20 1:59 a.m., 26 views

CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...

CVSS 7.5, AI score 7.2, EPSS 0.01029
Exploits 0, References 2

NVD
added 2016/02/20 1:59 a.m., 14 views

CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

CVSS 7.5, AI score 7.3, EPSS 0.00628
Exploits 0, References 8

UbuntuCve
added 2016/02/20 1:59 a.m., 29 views

CVE-2016-2040

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...

CVSS 5.4, AI score 6.8, EPSS 0.00493
Exploits 0, References 2

OSV
added 2016/02/20 1:59 a.m., 0 views

UBUNTU-CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

CVSS 7.5, AI score 7.2, EPSS 0.00628
Exploits 0, References 3

UbuntuCve
added 2016/02/20 1:59 a.m., 28 views

CVE-2016-2044

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

CVSS 5.3, AI score 6.5, EPSS 0.00437
Exploits 0, References 2

OSV
added 2016/02/20 1:59 a.m., 1 views

UBUNTU-CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...

CVSS 7.5, AI score 7.2, EPSS 0.01029
Exploits 0, References 3

OSV
added 2016/02/20 1:59 a.m., 1 views

UBUNTU-CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

CVSS 5.3, AI score 6.8, EPSS 0.01204
Exploits 0, References 3

OSV
added 2016/02/20 1:59 a.m., 1 views

DEBIAN-CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

CVSS 7.5, AI score 7.4, EPSS 0.00628
Exploits 0, References 1

OSV
added 2016/02/20 1:59 a.m., 5 views

CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

CVSS 7.5, AI score 7.3
Exploits 0, References 8

Prion
added 2016/02/20 1:59 a.m., 23 views

Design/Logic Flaw

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...

CVSS 5, AI score 7, EPSS 0.00437
Exploits 0, References 4, Affected Software 2

Prion
added 2016/02/20 1:59 a.m., 23 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...

CVSS 3.5, AI score 5.5, EPSS 0.00493
Exploits 0, References 9, Affected Software 4

Prion
added 2016/02/20 1:59 a.m., 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response...

CVSS 3.5, AI score 6, EPSS 0.00284
Exploits 0, References 5, Affected Software 2

Prion
added 2016/02/20 1:59 a.m., 18 views

Cross site request forgery (csrf)

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...

CVSS 5, AI score 7, EPSS 0.01029
Exploits 0, References 7, Affected Software 4