292 matches found
UBUNTU-CVE-2015-2940
Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...
CVE-2015-2940
Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...
CVE-2015-2940
CVE-2015-2940 is a CSRF flaw in the MediaWiki CheckUser extension that can allow a remote attacker to hijack a user’s session and retrieve sensitive information. The connected advisories corroborate this as part of multiple vulnerabilities affecting MediaWiki, with remediation guidance to upgrade...
CVE-2015-2940
Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...
CVE-2015-2940
Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...
mediawiki: multiple issues
- CVE-2015-2931 (cross-site scripting): It was discovered that MIME types were not properly restricted, allowing a way to circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in an SVG file. - CVE-2015-2932 (cross-site scripting): The SVG filter to prevent...
Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.9, one could circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in the SVG (CVE-2015-2931). In MediaWiki before 1.23.9, the SVG filter to prevent injecting JavaScrip...
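Arbitrary file upload vulnerability in some systems belonging to 大汉版通
Brief description: Files of any type can be uploaded, which allows getshell. Related versions of jact, jsearch and JCMS are affected; it is hard to count them one by one. Detailed description: The affected system versions are those in which the WebService has a receivefile operation, usually in the wsInfo service. (Note: the code may differ between products and versions.) 0x1 jsearch public String receivefileString strLoginId, String strPwd, String strKey, DataHandler handler, String filename, int iState String result = "";...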
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors...
CVE-2013-4306
CVE-2013-4306 is a CSRF vulnerability in the CheckUser extension for MediaWiki (api/ApiQueryCheckUser.php), possibly affecting Checkuser before 2.3, allowing remote attackers to hijack user sessions for requests that perform sensitive write actions. Public documents confirm affected component and...
CVE-2013-4306
Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors...
MediaWiki < 1.19.8 / 1.20.7 / 1.21.2 Multiple Vulnerabilities
According to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities: - The full installation path is disclosed in an error message when an invalid language is specified in the ResourceLoader. (CVE-2013-4301) - Multiple cross-site reque...