Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-02-20 CVE-2016-2045 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.
network
low complexity
phpmyadmin fedoraproject CWE-79
5.4
5.4
2016-02-20 CVE-2016-2044 Information Exposure vulnerability in multiple products
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
network
low complexity
fedoraproject phpmyadmin CWE-200
5.3
5.3
2016-02-20 CVE-2016-2043 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.
network
low complexity
fedoraproject opensuse phpmyadmin CWE-79
5.4
5.4
2016-02-20 CVE-2016-2042 Information Exposure vulnerability in multiple products
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.
network
low complexity
opensuse fedoraproject phpmyadmin CWE-200
5.3
5.3
2016-02-20 CVE-2016-2040 Cross-site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.
network
low complexity
fedoraproject opensuse phpmyadmin CWE-79
5.4
5.4
2016-02-20 CVE-2016-2039 Information Exposure vulnerability in multiple products
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
network
low complexity
opensuse phpmyadmin fedoraproject CWE-200
5.3
5.3
2016-02-20 CVE-2016-2038 Information Exposure vulnerability in multiple products
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
network
low complexity
phpmyadmin fedoraproject opensuse CWE-200
5.3
5.3
2016-02-19 CVE-2016-1156 Improper Input Validation vulnerability in Linecorp Line 4.3.0.724/4.3.1
LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline.
network
low complexity
linecorp CWE-20
5.7
5.7
2016-02-19 CVE-2015-7769 OS Command Injection vulnerability in Basercms
baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
network
low complexity
basercms CWE-78
6.3
6.3
2016-02-19 CVE-2016-2271 Unspecified vulnerability in XEN 4.6.0/4.6.1
VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.
local
low complexity
xen
5.5
5.5