|
266241
|
6.8 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user…
|
CWE-22
Path Traversal
|
CVE-2016-6614
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266242
|
5.3 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user…
|
CWE-200
Information Exposure
|
CVE-2016-6613
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266243
|
6.5 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions…
|
CWE-200
Information Exposure
|
CVE-2016-6612
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266244
|
8.1 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6…
|
CWE-89
SQL Injection
|
CVE-2016-6611
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266245
|
4.3 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x ve…
|
CWE-200
Information Exposure
|
CVE-2016-6610
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266246
|
8.8 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versi…
|
CWE-77
Command Injection
|
CVE-2016-6609
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266247
|
6.1 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6608
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266248
|
6.1 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are …
|
CWE-79
Cross-site Scripting
|
CVE-2016-6607
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266249
|
8.1 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's bro…
|
CWE-310
CWE-200
Cryptographic Issues
Information Exposure
|
CVE-2016-6606
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266250
|
6.0 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initial…
|
CWE-665
Improper Initialization
|
CVE-2016-6836
|
2024-11-21 11:56 |
2016-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
