Page 15 of 104 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 64EXPL: 0

CVE-2016-2560

https://notcve.org/view.php?id=CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.15, 4.4.x en versiones anteriores a 4.4.15.5 y 4.5.x en versiones anteriores a 4.5.5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) una cabecera Host HTTP manipulada, relacionada con libraries/Config.class.php; (2) datos JSON manipulados, relacionados con file_echo.php; (3) una petición SQL manipulada, relacionada con js/functions.js; (4) el parámetro inicial en libraries/server_privileges.lib.php en la página de cuentas de usuario; o (5) el parámetro it en libraries/controllers/TableSearchController.class.php en la página zoom search. • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html http://www.debian.org/security/2016/dsa-3627 https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078 https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4 https://github.c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 50EXPL: 0

CVE-2016-2038

https://notcve.org/view.php?id=CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.13, 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 permite a atacantes remotos obtener información sensible a través de una petición manipulada, lo cual revela la ruta completa en un mensaje de error. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html http://www.phpmyadmin.net/home_page/security/PMASA-2016-1.php https://github.com/phpmyadmin/phpmyadmin/commit/447c88f4884fe30a25d38c331c31d820a19f8c93 https://github.com/phpmyadmin/phpmyadmin/commit/5aee5035646c4fc617564cb0d3d58c0435d64d81 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 45EXPL: 0

CVE-2016-1927

https://notcve.org/view.php?id=CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. La función suggestPassword en js/functions.js en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.13, 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 se basa en la función Math.random JavaScript, lo que hace que sea más fácil para atacantes remotos adivinar las contraseñas a través de una aproximación por fuerza bruta. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html http://www.debian.org/security/2016/dsa-3627 http://www.phpmyadmin.net/home_page/security/PMASA-2016-4.php https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b22 https://github.com • CWE-254: 7PK - Security Features CWE-255: Credentials Management Errors •

CVSS: 5.3EPSS: 0%CPEs: 50EXPL: 0

CVE-2016-2039

https://notcve.org/view.php?id=CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. libraries/session.inc.php en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.13, 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 no genera adecuadamente valores de token CSRF, lo que permite a atacantes remotos eludir las restricciones destinadas al acceso mediante la predicción de un valor. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html http://www.debian.org/security/2016/dsa-3627 http://www.phpmyadmin.net/home_page/security/PMASA-2016-2.php https://github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e https://github.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 0%CPEs: 50EXPL: 0

CVE-2016-2040

https://notcve.org/view.php?id=CVE-2016-2040

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.13, 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de (1) un nombre de tabla, (2) un valor SET, (3) una consulta de búsqueda o (4) un nombre de host en una cabecera Location. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html http://www.debian.org/security/2016/dsa-3627 http://www.phpmyadmin.net/home_page/security/PMASA-2016-3.php https://github.com/phpmyadmin/phpmyadmin/commit/75a55824012406a08c4debf5ddb7ae41c32a7dbc https://github.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •