CVE-2007-0894
https://notcve.org/view.php?id=CVE-2007-0894
MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message. MediaWiki anterior a 1.9.2 permite a atacantes remotos obtener información sensible mediante una petición directa de (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, o (4) Chick.deps.php en wiki/skins, lo cual muestra la ruta de instalación en el mensaje de error resultante. • http://bugzilla.wikimedia.org/show_bug.cgi?id=8819 http://osvdb.org/33706 http://osvdb.org/33707 http://osvdb.org/33708 http://osvdb.org/33709 http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=19681 http://www.securityfocus.com/archive/1/459793/100/0/threaded http://zone14.free.fr/advisories/7 https://exchange.xforce.ibmcloud.com/vulnerabilities/32440 •
CVE-2006-2611
https://notcve.org/view.php?id=CVE-2006-2611
Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character. • http://bugzilla.wikimedia.org/show_bug.cgi?id=6055 http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html http://nickj.org/MediaWiki http://secunia.com/advisories/20189 http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349&r2=14348&pathrev=14349 http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349 http://www.osvdb.org/25713 http://www.vupen.com/english •
CVE-2005-4501
https://notcve.org/view.php?id=CVE-2005-4501
MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer. • http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://secunia.com/advisories/18219 http://secunia.com/advisories/18717 http://www.mediawiki.org/wiki/Download http://www.securityfocus.com/bid/16032 http://www.vupen.com/english/advisories/2005/3059 https://exchange.xforce.ibmcloud.com/vulnerabilities/23882 •
CVE-2005-3166
https://notcve.org/view.php?id=CVE-2005-3166
Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL. • http://sourceforge.net/project/shownotes.php?release_id=358163 http://www.novell.com/linux/security/advisories/2005_22_sr.html http://www.osvdb.org/19956 •
CVE-2005-2396
https://notcve.org/view.php?id=CVE-2005-2396
Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template. Vulnerabilidad de secuencia de comandos en sitios cruzados en MediaWiki 1.4.6 y anteriores permite que atacantes remotos inyecten script web arbitrario o HTML mediante un parámetro a la plantilla de mover página. • http://secunia.com/advisories/15950 http://secunia.com/advisories/16130 http://security.gentoo.org/glsa/glsa-200507-18.xml http://www.osvdb.org/17763 http://www.securityfocus.com/bid/14327 https://exchange.xforce.ibmcloud.com/vulnerabilities/21491 •