CVEs from 2016
Total
8,454
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6311 | medium | 5.3 | 5.3 | 9y ago | Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers. | |||
| CVE-2016-2102 | medium | 5.3 | 5.3 | 9y ago | HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. | |||
| CVE-2016-6794 | medium | 5.3 | 5.3 | 9y ago | System Property Disclosure in Apache Tomcat | |||
| CVE-2016-6083 | medium | 5.3 | 5.3 | 9y ago | IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696. | |||
| CVE-2016-9983 | medium | 5.3 | 5.3 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275. | |||
| CVE-2016-7832 | medium | 5.3 | 5.3 | 9y ago | Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | |||
| CVE-2016-9736 | medium | 5.3 | 5.3 | 9y ago | IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information. | |||
| CVE-2016-5648 | medium | 5.3 | 5.3 | 9y ago | Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate. | |||
| CVE-2016-9710 | medium | 5.3 | 5.3 | 9y ago | IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local syst… | |||
| CVE-2016-5959 | medium | 5.3 | 5.3 | 9y ago | IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via se… | |||
| CVE-2016-6877 | medium | 5.3 | 5.3 | 9y ago | Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "o… | |||
| CVE-2016-3702 | medium | 5.3 | 5.3 | 9y ago | Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. | |||
| CVE-2016-3731 | medium | 5.3 | 5.3 | 9y ago | Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions. | |||
| CVE-2016-4890 | medium | 5.3 | 5.3 | 9y ago | ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a co… | |||
| CVE-2016-8725 | medium | 5.3 | 5.3 | 9y ago | An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without aut… | |||
| CVE-2016-8724 | medium | 5.3 | 5.3 | 9y ago | An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an … | |||
| CVE-2016-8722 | medium | 5.3 | 5.3 | 9y ago | An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific… | |||
| CVE-2016-3106 | medium | 5.3 | 5.3 | 9y ago | Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner. | |||
| CVE-2016-4894 | medium | 5.3 | 5.3 | 9y ago | SetsucoCMS all versions allows remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2016-7467 | medium | 5.3 | 5.3 | 9y ago | The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic … | |||
| CVE-2016-9195 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS… | |||
| CVE-2016-8272 | medium | 5.3 | 5.3 | 9y ago | Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks. | |||
| CVE-2016-8271 | medium | 5.3 | 5.3 | 9y ago | Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL. | |||
| CVE-2016-9468 | medium | 5.3 | 5.3 | 9y ago | Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partiall… | |||
| CVE-2016-9467 | medium | 5.3 | 5.3 | 9y ago | Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parame… | |||
| CVE-2016-9460 | medium | 5.3 | 5.3 | 9y ago | Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. … | |||
| CVE-2016-9129 | medium | 5.3 | 5.3 | 9y ago | Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Rev… | |||
| CVE-2016-8018 | medium | 4.3 | 5.3 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a cr… | |||
| CVE-2016-9725 | medium | 5.3 | 5.3 | 9y ago | IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate … | |||
| CVE-2016-9720 | medium | 5.3 | 5.3 | 9y ago | IBM QRadar 7.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Reference #: 1999533. | |||
| CVE-2016-4947 | medium | 5.3 | 5.3 | 9y ago | Cloudera HUE Account Enumeration | |||
| CVE-2016-4042 | medium | 5.3 | 5.3 | 9y ago | Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors. | |||
| CVE-2016-6249 | medium | 5.3 | 5.3 | 9y ago | F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may all… | |||
| CVE-2016-7651 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass inten… | |||
| CVE-2016-6077 | medium | 5.3 | 5.3 | 9y ago | IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584. | |||
| CVE-2016-9355 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Ala… | |||
| CVE-2016-9357 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAM… | |||
| CVE-2016-9346 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted. | |||
| CVE-2016-9339 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elem… | |||
| CVE-2016-8367 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versio… | |||
| CVE-2016-5813 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used … | |||
| CVE-2016-2787 | medium | 5.3 | 5.3 | 9y ago | The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs… | |||
| CVE-2016-9686 | medium | 5.3 | 5.3 | 9y ago | The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is … | |||
| CVE-2016-0210 | medium | 5.3 | 5.3 | 9y ago | IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to … | |||
| CVE-2016-3124 | medium | 5.3 | 5.3 | 9y ago | The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors. | |||
| CVE-2016-9772 | medium | 5.3 | 5.3 | 9y ago | OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC re… | |||
| CVE-2016-6099 | medium | 5.3 | 5.3 | 10y ago | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. | |||
| CVE-2016-8982 | medium | 5.3 | 5.3 | 10y ago | IBM InfoSphere Information Server stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer hea… | |||
| CVE-2016-8977 | medium | 5.3 | 5.3 | 10y ago | IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system. | |||
| CVE-2016-6117 | medium | 5.3 | 5.3 | 10y ago | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information. | |||
| CVE-2016-6080 | medium | 5.3 | 5.3 | 10y ago | The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker. | |||
| CVE-2016-5896 | medium | 5.3 | 5.3 | 10y ago | IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser. | |||
| CVE-2016-3035 | medium | 5.3 | 5.3 | 10y ago | IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server. | |||
| CVE-2016-3023 | medium | 5.3 | 5.3 | 10y ago | IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names. | |||
| CVE-2016-9411 | medium | 5.3 | 5.3 | 10y ago | The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails. | |||
| CVE-2016-2217 | medium | 5.3 | 5.3 | 10y ago | The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret. | |||
| CVE-2016-2518 | medium | 5.3 | 5.3 | 10y ago | The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | |||
| CVE-2016-2517 | medium | 5.3 | 5.3 | 10y ago | NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending… | |||
| CVE-2016-2516 | medium | 5.3 | 5.3 | 10y ago | NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directi… | |||
| CVE-2016-8324 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Easily ex… | |||
| CVE-2016-8317 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,… | |||
| CVE-2016-8307 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |||
| CVE-2016-8300 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2… | |||
| CVE-2016-5552 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embed… | |||
| CVE-2016-5547 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u1… | |||
| CVE-2016-9216 | medium | 5.3 | 5.3 | 10y ago | An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. More … | |||
| CVE-2016-8644 | medium | 5.3 | 5.3 | 10y ago | In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. | |||
| CVE-2016-8642 | medium | 5.3 | 5.3 | 10y ago | Moodle Unauthenticated Access | |||
| CVE-2016-5012 | medium | 5.3 | 5.3 | 10y ago | Moodle Glossary search displays entries without checking user permissions to view them | |||
| CVE-2016-9677 | medium | 5.3 | 5.3 | 10y ago | Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors. | |||
| CVE-2016-7433 | medium | 5.3 | 5.3 | 10y ago | NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include t… | |||
| CVE-2016-7431 | medium | 5.3 | 5.3 | 10y ago | NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. | |||
| CVE-2016-8605 | medium | 5.3 | 5.3 | 10y ago | The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permi… | |||
| CVE-2016-6771 | medium | 5.3 | 5.3 | 10y ago | An elevation of privilege vulnerability in Telephony could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a loc… | |||
| CVE-2016-2375 | medium | 5.3 | 5.3 | 10y ago | An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure. | |||
| CVE-2016-1550 | medium | 5.3 | 5.3 | 10y ago | An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted … | |||
| CVE-2016-1547 | medium | 5.3 | 5.3 | 10y ago | An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a vi… | |||
| CVE-2016-10100 | medium | 5.3 | 5.3 | 10y ago | Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive. | |||
| CVE-2016-10099 | medium | 5.3 | 5.3 | 10y ago | Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives. | |||
| CVE-2016-7087 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via … | |||
| CVE-2016-5334 | medium | 5.3 | 5.3 | 10y ago | VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. | |||
| CVE-2016-10072 | medium | 5.3 | 5.3 | 10y ago | WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary co… | |||
| CVE-2016-7281 | medium | 5.3 | 5.3 | 10y ago | The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Sec… | |||
| CVE-2016-7278 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosu… | |||
| CVE-2016-5186 | medium | 5.3 | 5.3 | 10y ago | multiple issues in chromium | |||
| CVE-2016-7888 | medium | 5.3 | 5.3 | 10y ago | Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak. | |||
| CVE-2016-6313 | medium | 5.3 | 5.3 | 10y ago | The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of … | |||
| CVE-2016-9938 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_si… | |||
| CVE-2016-9859 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versi… | |||
| CVE-2016-9858 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4… | |||
| CVE-2016-9855 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the… | |||
| CVE-2016-9854 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the… | |||
| CVE-2016-9853 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin path disclosure | |||
| CVE-2016-9852 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the… | |||
| CVE-2016-9851 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin Bypass logout timeout | |||
| CVE-2016-9850 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x v… | |||
| CVE-2016-9848 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4… | |||
| CVE-2016-9847 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way thi… | |||
| CVE-2016-6627 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.… | |||
| CVE-2016-6613 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user… |