Max CVSS 5.0 | Min CVSS 3.5 | Total Count 9
ID | CVSS | Summary | Last (major) update | Published
CVE-2016-2041 5.0
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restri
28-11-2016 - 15:02 19-02-2016 - 20:59
CVE-2016-2040 3.5
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) s
28-11-2016 - 15:02 19-02-2016 - 20:59
CVE-2016-2039 5.0
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
28-11-2016 - 15:02 19-02-2016 - 20:59
CVE-2016-1927 5.0
The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a bru
28-11-2016 - 15:02 19-02-2016 - 20:59
CVE-2016-2044 5.0
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
17-08-2016 - 15:37 19-02-2016 - 20:59
CVE-2016-2043 3.5
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the
17-08-2016 - 15:37 19-02-2016 - 20:59
CVE-2016-2042 5.0
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path
17-08-2016 - 15:36 19-02-2016 - 20:59
CVE-2016-2038 5.0
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
17-08-2016 - 14:56 19-02-2016 - 20:59
CVE-2016-2045 3.5
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.
02-08-2016 - 14:42 19-02-2016 - 20:59