CVE-2013-1818
https://notcve.org/view.php?id=CVE-2013-1818
maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors. maintenance/mwdoc-filter.php en MediaWiki anterior a 1.20.3 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. • http://www.mediawiki.org/wiki/Release_notes/1.20 http://www.securityfocus.com/bid/58304 https://bugzilla.wikimedia.org/show_bug.cgi?id=45355 https://exchange.xforce.ibmcloud.com/vulnerabilities/88363 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-1816
https://notcve.org/view.php?id=CVE-2013-1816
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. MediaWiki versiones anteriores a la versión 1.19.4 y versiones 1.20.x anteriores a 1.20.3, permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) mediante el envío de una petición especialmente diseñada. • http://security.gentoo.org/glsa/glsa-201310-21.xml http://www.openwall.com/lists/oss-security/2013/03/05/4 http://www.securityfocus.com/bid/58306 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1816 https://exchange.xforce.ibmcloud.com/vulnerabilities/88360 https://security-tracker.debian.org/tracker/CVE-2013-1816 • CWE-20: Improper Input Validation •
CVE-2013-1817
https://notcve.org/view.php?id=CVE-2013-1817
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. MediaWiki versiones anteriores a la versión 1.19.4 y versiones 1.20.x anteriores a la versión 1.20.3, contiene un error en el script api.php lo que permite a atacantes remotos obtener información confidencial. • http://security.gentoo.org/glsa/glsa-201310-21.xml http://www.openwall.com/lists/oss-security/2013/03/05/4 http://www.securityfocus.com/bid/58305 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1817 https://exchange.xforce.ibmcloud.com/vulnerabilities/88359 https://security-tracker.debian.org/tracker/CVE-2013-1817 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-4305
https://notcve.org/view.php?id=CVE-2013-4305
Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Vulnerabilidad de XSS en contrib/example.php de la extensión SyntaxHighlight GeSHi para MediaWiki, posiblemente la descargada antes de septiembre de 2013, permite a atacantes remotos inyectar script web arbitrario o HTML a través de PATH_INFO. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html http://osvdb.org/96909 http://seclists.org/oss-sec/2013/q3/553 https://bugzilla.wikimedia.org/show_bug.cgi?id=49070 https://exchange.xforce.ibmcloud.com/vulnerabilities/86890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-4306
https://notcve.org/view.php?id=CVE-2013-4306
Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors. Vulnerabilidad cross-site request forgery (CSRF) en api/ApiQueryCheckUser.php en la extensión CheckUser para MediaWiki, posiblemente CheckUser anteriores a 2.3, permite a atacantes remotos secuestrar la autenticación de usuarios de forma arbitraria para peticiones que "realizan acciones de escritura sensibles" a través de vectores no especificados. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html http://osvdb.org/96908 http://seclists.org/oss-sec/2013/q3/553 http://www.securityfocus.com/bid/62210 https://bugzilla.wikimedia.org/show_bug.cgi?id=45019 https://exchange.xforce.ibmcloud.com/vulnerabilities/86893 https://git.wikimedia.org/commit/mediawiki%2Fextensions%2FCheckUser.git/99ad25d066ce6111e798427cba7f21526827f651 • CWE-352: Cross-Site Request Forgery (CSRF) •