CVSS: 5.4EPSS: 0%CPEs: 50EXPL: 0CVE-2016-2040 – Debian Security Advisory 3627-1
https://notcve.org/view.php?id=CVE-2016-2040
20 Feb 2016 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.13, 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 permiten a usuarios remotos autenticado... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2016-2045
https://notcve.org/view.php?id=CVE-2016-2045
20 Feb 2016 — Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response. Vulnerabilidad de XSS en el editor SQL en phpMyAdmin 4.5.x en versiones anteriores a 4.5.4 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una consulta SQL que desencadena datos JSON en una respuesta. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 32EXPL: 0CVE-2016-2042
https://notcve.org/view.php?id=CVE-2016-2042
20 Feb 2016 — phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message. phpMyAdmin 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 permite a atacantes remotos obtener información sensible a través de una petición manipulada a (1) libraries/phpseclib/Crypt/AES.php o (2) libraries/... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 50EXPL: 0CVE-2015-8669
https://notcve.org/view.php?id=CVE-2015-8669
26 Dec 2015 — libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. libraries/config/messages.inc.php en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.12, 4.4.x en versiones anteriores a 4.4.15.2 y 4.5.x en versiones anteriores a 4.5.3.1 permite a atacantes remotos obtener información sensible a través de una petición manipula... • http://lists.opensuse.org/opensuse-updates/2016-01/msg00014.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •