CVSS: 6.1 • EPSS: 0% • CPEs: 62 • EXPL: 0

setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.

References:
• http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
• http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
• http://www.debian.org/security/2016/dsa-3627
• http://www.securityfocus.com/bid/91383
• https://github.com/phpmyadmin/phpmyadmin/commit/1dca386505f396f0c2035112a403cc80768a141f
• https://security.gentoo.org/glsa/201701-32
• https://www.phpmyadmin.net/security/PMASA-2016-17

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 4.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.

References:
• https://github.com/phpmyadmin/phpmyadmin/commit/27caf5b46bd0890e576fea7bd7b166a0639fdf68
• https://security.gentoo.org/glsa/201701-32
• https://www.phpmyadmin.net/security/PMASA-2016-18

CWE-254: 7PK - Security Features

CVSS: 9.8 • EPSS: 0% • CPEs: 34 • EXPL: 0

SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.

References:
• http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
• http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
• http://www.securityfocus.com/bid/91381
• https://github.com/phpmyadmin/phpmyadmin/commit/ef6c66dca1b0cb0a1a482477938cfc859d2baee3
• https://security.gentoo.org/glsa/201701-32
• https://www.phpmyadmin.net/security/PMASA-2016-19

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 6 • EXPL: 0

Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment.

References:
• https://github.com/phpmyadmin/phpmyadmin/commit/72213573182896bd6a6e5af5ba1881dd87c4a20b
• https://security.gentoo.org/glsa/201701-32
• https://www.phpmyadmin.net/security/PMASA-2016-20

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 34 • EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.

References:
• http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
• http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
• http://www.debian.org/security/2016/dsa-3627
• http://www.securityfocus.com/bid/91378
• https://github.com/phpmyadmin/phpmyadmin/commit/03f73d48369703e0d3584699b08e24891c3295b8
• https://github.com/phpmyadmin/phpmyadmin/commit/0b7416c5f4439ed3f11c023785f2d4c49a1b09fc
• https://github.com/phpmyadmin/phpmyadmin/commit/364732e309cccb3fb56c938ed8d8bc0e04a3ca98
• https://github.com/phpmyadmin/phpmyadmin/commit/36df83a97a7f140fdb00

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')