|
269521
|
5.9 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in …
|
CWE-254
7PK - Security Features
|
CVE-2016-6624
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269522
|
6.5 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions…
|
CWE-20
Improper Input Validation
|
CVE-2016-6623
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269523
|
5.9 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitra…
|
CWE-399
Resource Management Errors
|
CVE-2016-6622
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269524
|
9.8 |
CRITICAL
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution bec…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2016-6620
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269525
|
8.8 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4…
|
CWE-89
SQL Injection
|
CVE-2016-6619
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269526
|
6.5 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (pr…
|
NVD-CWE-noinfo
|
CVE-2016-6618
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269527
|
8.1 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6…
|
CWE-89
SQL Injection
|
CVE-2016-6617
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269528
|
7.5 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.…
|
CWE-89
SQL Injection
|
CVE-2016-6616
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269529
|
6.1 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" featu…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6615
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269530
|
6.8 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user…
|
CWE-22
Path Traversal
|
CVE-2016-6614
|
2024-11-21 11:56 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
