
CVE-2014-2243 – Mandriva Linux Security Advisory 2014-057
https://notcve.org/view.php?id=CVE-2014-2243
02 Mar 2014 — includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2014-1610 – MediaWiki - 'Thumb.php' Remote Command Execution
https://notcve.org/view.php?id=CVE-2014-1610
30 Jan 2014 — MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php. • https://packetstorm.news/files/id/125040 • CWE-20: Improper Input Validation •

CVE-2011-0047 – Gentoo Linux Security Advisory 201206-09
https://notcve.org/view.php?id=CVE-2011-0047
04 Feb 2011 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability." • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2011-0003 – Gentoo Linux Security Advisory 201206-09
https://notcve.org/view.php?id=CVE-2011-0003
11 Jan 2011 — MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors. Multiple vulnerabilities have been found in MediaWiki, the worst of which leading to remote execution of arbitrary code. Versions less than 1.18.2 are affected. • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html • CWE-20: Improper Input Validation •

CVE-2005-1888
https://notcve.org/view.php?id=CVE-2005-1888
06 Jun 2005 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates. • http://sourceforge.net/project/shownotes.php?release_id=332231 •