CVEs from 2016
Total
8,471
critical
critical 1,164
high
high 3,521
medium
medium 3,172
low
low 249
% Critical
13.7%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6912 | critical | 9.8 | 9.8 | 10y ago | Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values. | |||
| CVE-2016-9307 | critical | 9.8 | 9.8 | 10y ago | Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files. | |||
| CVE-2016-9306 | critical | 9.8 | 9.8 | 10y ago | Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files. | |||
| CVE-2016-9305 | critical | 9.8 | 9.8 | 10y ago | Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain acce… | |||
| CVE-2016-9303 | critical | 9.8 | 9.8 | 10y ago | Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files. | |||
| CVE-2016-10160 | critical | 9.8 | 9.8 | 10y ago | Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possib… | |||
| CVE-2016-9081 | critical | 9.8 | 9.8 | 10y ago | Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors. | |||
| CVE-2016-7567 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string. | |||
| CVE-2016-7036 | critical | 9.8 | 9.8 | 10y ago | python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys. | |||
| CVE-2016-6603 | critical | 9.8 | 9.8 | 10y ago | ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header. | |||
| CVE-2016-6517 | critical | 9.8 | 9.8 | 10y ago | Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp. | |||
| CVE-2016-6164 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors … | |||
| CVE-2016-5873 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL. | |||
| CVE-2016-5742 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers t… | |||
| CVE-2016-3177 | critical | 9.8 | 9.8 | 10y ago | Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors. | |||
| CVE-2016-3147 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a lar… | |||
| CVE-2016-2783 | critical | 9.8 | 9.8 | 10y ago | Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attack… | |||
| CVE-2016-2242 | critical | 9.8 | 9.8 | 10y ago | Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php. | |||
| CVE-2016-1925 | critical | 9.8 | 9.8 | 10y ago | Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the (1) level0 or (2) level1 header in a lha archive, which triggers a buffer… | |||
| CVE-2016-10157 | critical | 9.8 | 9.8 | 10y ago | Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the inst… | |||
| CVE-2016-7794 | critical | 9.8 | 9.8 | 10y ago | sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name. | |||
| CVE-2016-9679 | critical | 9.8 | 9.8 | 10y ago | Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer. | |||
| CVE-2016-9678 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2016-9676 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2016-7996 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. | |||
| CVE-2016-8205 | critical | 9.8 | 9.8 | 10y ago | A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious fi… | |||
| CVE-2016-8204 | critical | 9.8 | 9.8 | 10y ago | A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a s… | |||
| CVE-2016-2090 | critical | 9.8 | 9.8 | 10y ago | Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. | |||
| CVE-2016-10141 | critical | 9.8 | 9.8 | 10y ago | An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expres… | |||
| CVE-2016-3152 | critical | 9.8 | 9.8 | 10y ago | Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image. | |||
| CVE-2016-3149 | critical | 9.8 | 9.8 | 10y ago | Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2016-8606 | critical | 9.8 | 9.8 | 10y ago | The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. | |||
| CVE-2016-7791 | critical | 9.8 | 9.8 | 10y ago | Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install… | |||
| CVE-2016-7790 | critical | 9.8 | 9.8 | 10y ago | Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/con… | |||
| CVE-2016-8459 | critical | 9.8 | 9.8 | 10y ago | Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-3257… | |||
| CVE-2016-8440 | critical | 9.8 | 9.8 | 10y ago | Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31… | |||
| CVE-2016-8439 | critical | 9.8 | 9.8 | 10y ago | Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: … | |||
| CVE-2016-8438 | critical | 9.8 | 9.8 | 10y ago | Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Androi… | |||
| CVE-2016-8437 | critical | 9.8 | 9.8 | 10y ago | Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1… | |||
| CVE-2016-8398 | critical | 9.8 | 9.8 | 10y ago | Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. Refere… | |||
| CVE-2016-10131 | critical | 9.8 | 9.8 | 10y ago | CodeIgniter arbitrary code execution | |||
| CVE-2016-7479 | critical | 9.8 | 9.8 | 10y ago | In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain ar… | |||
| CVE-2016-7480 | critical | 9.8 | 9.8 | 10y ago | The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or caus… | |||
| CVE-2016-6830 | critical | 9.8 | 9.8 | 10y ago | The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-s… | |||
| CVE-2016-10126 | critical | 9.8 | 9.8 | 10y ago | Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP … | |||
| CVE-2016-9885 | critical | 9.8 | 9.8 | 10y ago | An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to co… | |||
| CVE-2016-8705 | critical | 9.8 | 9.8 | 10y ago | arbitrary code execution in memcached | |||
| CVE-2016-8704 | critical | 9.8 | 9.8 | 10y ago | arbitrary code execution in memcached | |||
| CVE-2016-4336 | critical | 9.8 | 9.8 | 10y ago | An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow… | |||
| CVE-2016-2339 | critical | 9.8 | 9.8 | 10y ago | An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is m… | |||
| CVE-2016-2337 | critical | 9.8 | 9.8 | 10y ago | Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution. | |||
| CVE-2016-2336 | critical | 9.8 | 9.8 | 10y ago | Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code e… | |||
| CVE-2016-6890 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary code via a crafted Subject Alt Name in an X.509 certificate. | |||
| CVE-2016-7399 | critical | 9.8 | 9.8 | 10y ago | scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metac… | |||
| CVE-2016-9936 | critical | 9.8 | 9.8 | 10y ago | The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via craft… | |||
| CVE-2016-9935 | critical | 9.8 | 9.8 | 10y ago | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or pos… | |||
| CVE-2016-9138 | critical | 9.8 | 9.8 | 10y ago | PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other im… | |||
| CVE-2016-9137 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have un… | |||
| CVE-2016-8670 | critical | 9.8 | 9.8 | 10y ago | Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers … | |||
| CVE-2016-10115 | critical | 9.8 | 9.8 | 10y ago | NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default passw… | |||
| CVE-2016-10114 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving catego… | |||
| CVE-2016-10107 | critical | 9.8 | 9.8 | 10y ago | Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header. | |||
| CVE-2016-10105 | critical | 9.8 | 9.8 | 10y ago | admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence. | |||
| CVE-2016-9942 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a cra… | |||
| CVE-2016-9941 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a … | |||
| CVE-2016-10074 | critical | 9.8 | 9.8 | 10y ago | Swift Mailer mail transport Command Injection | |||
| CVE-2016-10034 | critical | 9.8 | 9.8 | 10y ago | zend-mail remote code execution via Sendmail adapter | |||
| CVE-2016-10082 | critical | 9.8 | 9.8 | 10y ago | include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the… | |||
| CVE-2016-9877 | critical | 9.8 | 9.8 | 10y ago | An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport… | |||
| CVE-2016-9223 | critical | 9.8 | 9.8 | 10y ago | A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privi… | |||
| CVE-2016-2355 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. | |||
| CVE-2016-9967 | critical | 9.8 | 9.8 | 10y ago | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily re… | |||
| CVE-2016-9966 | critical | 9.8 | 9.8 | 10y ago | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily re… | |||
| CVE-2016-9965 | critical | 9.8 | 9.8 | 10y ago | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily re… | |||
| CVE-2016-9565 | critical | 9.8 | 9.8 | 10y ago | MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed serv… | |||
| CVE-2016-7886 | critical | 9.8 | 9.8 | 10y ago | Adobe InDesign version 11.4.1 and earlier, Adobe InDesign Server 11.0.0 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2016-7866 | critical | 9.8 | 9.8 | 10y ago | Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2016-7856 | critical | 9.8 | 9.8 | 10y ago | Adobe DNG Converter versions 9.7 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2016-1000156 | critical | 9.8 | 9.8 | 10y ago | Mailcwp remote file upload vulnerability incomplete fix v1.100 | |||
| CVE-2016-7953 | critical | 9.8 | 9.8 | 10y ago | Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. | |||
| CVE-2016-7951 | critical | 9.8 | 9.8 | 10y ago | Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. | |||
| CVE-2016-7950 | critical | 9.8 | 9.8 | 10y ago | The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. | |||
| CVE-2016-7949 | critical | 9.8 | 9.8 | 10y ago | Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors … | |||
| CVE-2016-7948 | critical | 9.8 | 9.8 | 10y ago | X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. | |||
| CVE-2016-7947 | critical | 9.8 | 9.8 | 10y ago | Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. | |||
| CVE-2016-7944 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and … | |||
| CVE-2016-7943 | critical | 9.8 | 9.8 | 10y ago | The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations. | |||
| CVE-2016-7942 | critical | 9.8 | 9.8 | 10y ago | The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. | |||
| CVE-2016-5407 | critical | 9.8 | 9.8 | 10y ago | The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifica… | |||
| CVE-2016-4322 | critical | 9.8 | 9.8 | 10y ago | BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveragin… | |||
| CVE-2016-5841 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involvi… | |||
| CVE-2016-5691 | critical | 9.8 | 9.8 | 10y ago | The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixe… | |||
| CVE-2016-5690 | critical | 9.8 | 9.8 | 10y ago | The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing th… | |||
| CVE-2016-5689 | critical | 9.8 | 9.8 | 10y ago | The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks. | |||
| CVE-2016-5687 | critical | 9.8 | 9.8 | 10y ago | The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-b… | |||
| CVE-2016-9427 | critical | 9.8 | 9.8 | 10y ago | Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocat… | |||
| CVE-2016-9866 | critical | 9.8 | 9.8 | 10y ago | An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All … | |||
| CVE-2016-9865 | critical | 9.8 | 9.8 | 10y ago | An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.… | |||
| CVE-2016-9849 | critical | 9.8 | 9.8 | 10y ago | An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x vers… | |||
| CVE-2016-6629 | critical | 9.8 | 9.8 | 10y ago | An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by A… |