|
266131
|
9.8 |
CRITICAL
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.…
|
CWE-254
CWE-502
7PK - Security Features
Deserialization of Untrusted Data
|
CVE-2016-9865
|
2024-11-21 12:01 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266132
|
7.5 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are aff…
|
CWE-20
Improper Input Validation
|
CVE-2016-9863
|
2024-11-21 12:01 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266133
|
7.5 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected.
|
CWE-94
Code Injection
|
CVE-2016-9862
|
2024-11-21 12:01 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266134
|
7.5 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.…
|
CWE-254
7PK - Security Features
|
CVE-2016-9861
|
2024-11-21 12:01 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266135
|
5.9 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4…
|
CWE-20
Improper Input Validation
|
CVE-2016-9860
|
2024-11-21 12:01 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266136
|
7.5 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the contro…
|
CWE-89
SQL Injection
|
CVE-2016-9864
|
2024-11-21 12:01 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266137
|
5.3 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versi…
|
CWE-20
Improper Input Validation
|
CVE-2016-9859
|
2024-11-21 12:01 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266138
|
5.3 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4…
|
CWE-20
Improper Input Validation
|
CVE-2016-9858
|
2024-11-21 12:01 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266139
|
6.1 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to …
|
CWE-79
Cross-site Scripting
|
CVE-2016-9857
|
2024-11-21 12:01 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266140
|
6.1 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions…
|
CWE-79
Cross-site Scripting
|
CVE-2016-9856
|
2024-11-21 12:01 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
