CVSS: 5.4EPSS: 0%CPEs: 13EXPL: 0CVE-2016-2559
https://notcve.org/view.php?id=CVE-2016-2559
01 Mar 2016 — Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. Vulnerabilidad de XSS en la función format en libraries/sql-parser/src/Utils/Error.php en el intérprete SQL en phpMyAdmin 4.5.x en versiones anteriores a 4.5.5.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 50EXPL: 0CVE-2016-2038
https://notcve.org/view.php?id=CVE-2016-2038
20 Feb 2016 — phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.13, 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 permite a atacantes remotos obtener información sensible a través de una petición manipulada, lo cual revela la ruta completa en un mensaje de error. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 50EXPL: 0CVE-2016-2040 – Debian Security Advisory 3627-1
https://notcve.org/view.php?id=CVE-2016-2040
20 Feb 2016 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.13, 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 permiten a usuarios remotos autenticado... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 32EXPL: 0CVE-2016-2042
https://notcve.org/view.php?id=CVE-2016-2042
20 Feb 2016 — phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message. phpMyAdmin 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 permite a atacantes remotos obtener información sensible a través de una petición manipulada a (1) libraries/phpseclib/Crypt/AES.php o (2) libraries/... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 45EXPL: 0CVE-2016-1927 – Debian Security Advisory 3627-1
https://notcve.org/view.php?id=CVE-2016-1927
20 Feb 2016 — The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. La función suggestPassword en js/functions.js en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.13, 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 se basa en la función Math.random JavaScript, lo que hace q... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-254: 7PK - Security Features CWE-255: Credentials Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 50EXPL: 0CVE-2016-2039 – Debian Security Advisory 3627-1
https://notcve.org/view.php?id=CVE-2016-2039
20 Feb 2016 — libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. libraries/session.inc.php en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.13, 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 no genera adecuadamente valores de token CSRF, lo que permite a atacantes remotos eludir las restric... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 50EXPL: 0CVE-2016-2041 – Debian Security Advisory 3627-1
https://notcve.org/view.php?id=CVE-2016-2041
20 Feb 2016 — libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. libraries/common.inc.php en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.13, 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 no utiliza un algoritmo de tiempo constante para comparar tok... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-254: 7PK - Security Features •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2016-2045
https://notcve.org/view.php?id=CVE-2016-2045
20 Feb 2016 — Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response. Vulnerabilidad de XSS en el editor SQL en phpMyAdmin 4.5.x en versiones anteriores a 4.5.4 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una consulta SQL que desencadena datos JSON en una respuesta. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 32EXPL: 0CVE-2016-2043
https://notcve.org/view.php?id=CVE-2016-2043
20 Feb 2016 — Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page. Vulnerabilidad de XSS en la función goToFinish1NF en js/normalization.js en phpMyAdmin 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 permite a usuarios remotos autenticados inyectar secuencias de comandos we... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2016-2044
https://notcve.org/view.php?id=CVE-2016-2044
20 Feb 2016 — libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. libraries/sql-parser/autoload.php en analizador SQL en phpMyAdmin 4.5.x en versiones anteriores a 4.5.4 permite a atacantes remotos obtener información sensible a través de una petición manipulada, lo cual revela la ruta completa en un mensaje de error. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •