Filtered by vendor Phpmyadmin
Subscribe
Total
269 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-6633 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6632 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6631 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 8.5 HIGH | 7.5 HIGH |
An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6630 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6629 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6628 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6627 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6626 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6625 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6624 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6623 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6622 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6621 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||||
CVE-2016-6620 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6619 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6618 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6617 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected. | |||||
CVE-2016-6616 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. | |||||
CVE-2016-6615 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. | |||||
CVE-2016-6614 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 4.3 MEDIUM | 6.8 MEDIUM |
An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |