Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-20 | CVE-2016-2043 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page. | 5.4 |
| 2016-02-20 | CVE-2016-2042 | Information Exposure vulnerability in multiple products phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message. | 5.3 |
| 2016-02-20 | CVE-2016-2040 | Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. | 5.4 |
| 2016-02-20 | CVE-2016-2039 | Information Exposure vulnerability in multiple products libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. | 5.3 |
| 2016-02-20 | CVE-2016-2038 | Information Exposure vulnerability in multiple products phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | 5.3 |
| 2016-02-19 | CVE-2016-1156 | Improper Input Validation vulnerability in Linecorp Line 4.3.0.724/4.3.1 LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline. | 5.7 |
| 2016-02-19 | CVE-2015-7769 | OS Command Injection vulnerability in Basercms baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | 6.3 |
| 2016-02-19 | CVE-2016-2271 | Unspecified vulnerability in XEN 4.6.0/4.6.1 VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP. | 5.5 |
| 2016-02-19 | CVE-2016-2270 | Improper Input Validation vulnerability in multiple products Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. | 6.8 |
| 2016-02-18 | CVE-2016-2509 | Information Exposure vulnerability in Belden Hirschmann Firmware and Hirschmann L2B The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network. | 5.3 |