Search

Found 29 results in 26ms · Match type: Filtered list

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2016-9866	critical	9.8	9.8	FIX	debian	phpmyadmin	10y ago	An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All …
CVE-2016-9865	critical	9.8	9.8	FIX	debian	phpmyadmin	10y ago	An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.…
CVE-2016-9849	critical	9.8	9.8	FIX	debian	phpmyadmin	10y ago	An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x vers…
CVE-2016-6629	critical	9.8	9.8	FIX	debian	phpmyadmin	10y ago	An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by A…
CVE-2016-6620	critical	9.8	9.8	FIX	debian	phpmyadmin	10y ago	An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution bec…
CVE-2016-5734	critical	9.8	10.0	EXPFIX	debian	phpmyadmin	10y ago	phpMyAdmin Code Injection vulnerability
CVE-2016-5703	critical	9.8	9.8	FIX	suse debian	phpmyadmin	10y ago	SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted dat…
CVE-2016-5702	low	3.7	3.7	FIX	debian	phpmyadmin	10y ago	phpMyAdmin cookie-attribute injection
CVE-2011-3592	low	—	3.5	FIX	debian	phpmyadmin	12y ago	Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script o…
CVE-2011-3591	low	—	3.5	FIX	debian	phpmyadmin	12y ago	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an imprope…
CVE-2014-8960	low	—	3.5	FIX	debian	phpmyadmin	12y ago	Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users…
CVE-2014-8326	low	—	3.5	FIX	suse debian	phpmyadmin	12y ago	phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page
CVE-2014-7217	low	—	3.5	FIX	debian	phpmyadmin	12y ago	phpMyAdmin cross-site scripting Vulnerability via ENUM value
CVE-2014-5274	low	—	3.5	FIX	suse debian	phpmyadmin	12y ago	phpMyAdmin cross-site scripting vulnerability in crafted view name
CVE-2014-5273	low	—	3.5	FIX	debian	phpmyadmin	12y ago	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web scrip…
CVE-2014-4986	low	—	3.5	FIX	debian	phpmyadmin	12y ago	phpMyAdmin cross-site scripting Vulnerability in Table or Column Names
CVE-2014-4955	low	—	3.5	FIX	debian	phpmyadmin	12y ago	Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 all…
CVE-2014-4954	low	—	3.5	FIX	debian	phpmyadmin	12y ago	Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrar…
CVE-2014-4349	low	—	3.5	FIX	debian	phpmyadmin	12y ago	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ta…
CVE-2014-4348	low	—	3.5	FIX	debian	phpmyadmin	12y ago	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) tab…
CVE-2014-1879	low	—	3.5	FIX	debian	phpmyadmin	13y ago	Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.
CVE-2013-5002	low	—	3.5	FIX	debian	phpmyadmin	13y ago	phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value
CVE-2013-5001	low	—	3.5	FIX	debian	phpmyadmin	13y ago	Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to …
CVE-2013-4995	low	—	3.5	FIX	debian	phpmyadmin	13y ago	Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query t…
CVE-2013-3742	low	—	3.5	FIX	debian	phpmyadmin	13y ago	Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an i…
CVE-2012-5339	low	—	3.5	FIX	debian	phpmyadmin	14y ago	phpMyAdmin multiple cross-site scripting vulnerabilities
CVE-2012-4579	low	—	3.5	FIX	debian	phpmyadmin	14y ago	phpMyAdmin Multiple XSS Vulnerabilities
CVE-2012-4345	low	—	3.5	FIX	debian	phpmyadmin	14y ago	phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page
CVE-2011-2642	low	—	2.6	FIX	debian	phpmyadmin	15y ago	Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users…