|
268111
|
5.3 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user…
|
CWE-200
Information Exposure
|
CVE-2016-6613
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268112
|
6.5 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions…
|
CWE-200
Information Exposure
|
CVE-2016-6612
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268113
|
8.1 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6…
|
CWE-89
SQL Injection
|
CVE-2016-6611
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268114
|
4.3 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x ve…
|
CWE-200
Information Exposure
|
CVE-2016-6610
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268115
|
8.8 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versi…
|
CWE-77
Command Injection
|
CVE-2016-6609
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268116
|
6.1 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6608
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268117
|
6.1 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are …
|
CWE-79
Cross-site Scripting
|
CVE-2016-6607
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268118
|
8.1 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's bro…
|
CWE-310
CWE-200
Cryptographic Issues
Information Exposure
|
CVE-2016-6606
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268119
|
6.0 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initial…
|
CWE-665
Improper Initialization
|
CVE-2016-6836
|
2024-11-21 11:56 |
2016-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268120
|
6.0 |
MEDIUM
Local
|
qemu
redhat
debian
|
qemu
virtualization
debian_linux
|
The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging fail…
|
NVD-CWE-Other
|
CVE-2016-6835
|
2024-11-21 11:56 |
2016-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
