317 matches found
MediaWiki Information Disclosure Vulnerability (CNVD-2021-21939)
MediaWiki is a free, openly available web-based wiki engine from the Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.31.8, 1.32.x...
DEBIAN-CVE-2020-15005
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...
CVE-2020-15005
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...
UBUNTU-CVE-2020-15005
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...
CVE-2020-15005
CVE-2020-15005 affects MediaWiki before 1.31.8, 1.32.x, 1.33.x before 1.33.4, and 1.34.x before 1.34.2. The root cause is mishandling of Cache-Control and Vary headers on private wikis behind a caching proxy using the img_auth.php image authorization feature, allowing public caches to store and s...
PT-2020-6807 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.31.8 | MediaWiki versions 1.32.x | MediaWiki versions 1.33.x prior to 1.33.4 | MediaWiki versions 1.34.x prior to 1.34.2. Description: The issue concerns private wikis behind a caching server that use the img_auth.php...
Citrix Gateway 11.1 / 12.0 / 12.1 Information Disclosure Vulnerability
Exploit for multiple platforms in category web applications. Product: Citrix Gateway | Manufacturer: Citrix Systems, Inc. | Affected Versions: 11.1, 12.0, 12.1 | Tested Versions: 11.1.63.15, 12.0.63.13, 12.1.55.18 | Vulnerability Type: Information Exposure Through Caching (CWE-512) | Risk Level: Information...
PT-2020-6879 · Abb · Esoms
Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 4.0 through 6.0.3 Description: The issue is related to the improper configuration of the Cache-Control and Pragma HTTP headers within the application response. This can potentially allow browsers and proxies to cache...
CVE-2013-4572
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user...
Privilege escalation
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user...
Hospital Management System 4.0 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications. Exploit Title: Hospital Management System 4.0 - Persistent Cross-Site Scripting | Exploit Author: FULLSHADE | Vendor Homepage: https://phpgurukul.com/ | Software Link: https://phpgurukul.com/hospital-management-system-in-php/ | Version: v4.0 | Tested on...
WordPress 5.2.3 - Cross-Site Host Modification Exploit
Exploit for php platform in category web applications. #!/usr/bin/perl -w | Wordpress | Type: Remote | Risk: High | Solution: Set security headers to web server and no-cache for Cache-Control | Simple Attack Scenarios: This attack can bypass Simple WAF to access restricted content on the web server,...
CVE-2019-0338
During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure...
GHSA-22MF-97VH-X8RW Deserialization vulnerability exists in parso
DISPUTED: A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...
Missing 'Cache-Control' Header
The HTTP 'Cache-Control' header is used to specify directives for caching mechanisms. The server did not return, or returned an invalid, 'Cache-Control' header, which means pages containing sensitive information (password, credit card, personal data, social security number, etc.) could be stored on clie...
GitLab: Inadequate cache control in gitter allows to view private chat room
Hi Gitlab, Summary: I have found an inadequate cache control vulnerability in Gitter. Description: You can use the backspace button to get the full access to the account. There is no cache control and the browser saves sensitive information of a private chat room. This report is influenced by the...