29 matches found

NVD
added 2023/01/12 6:15 a.m., 24 views

CVE-2022-47927

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files inclu...

CVSS 5.5, AI score 5.3, EPSS 0.00269
Exploits: 1, References: 5

Prion
added 2023/01/12 6:15 a.m., 28 views

Code injection

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files inclu...

CVSS 1.7, AI score 5.4, EPSS 0.00269
Exploits: 1, References: 5, Affected Software: 2

Cvelist
added 2023/01/12 12:0 a.m., 33 views

CVE-2022-47927

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files inclu...

AI score 5.8, EPSS 0.00269
Exploits: 1, References: 5

CNNVD
added 2023/01/12 12:0 a.m., 6 views

MediaWiki security vulnerability

MediaWiki is a free web-based wiki engine from the U.S. Wikimedia MediaWiki Foundation. A security vulnerability exists in MediaWiki that stems from the use of file mode 0644 when it is installed using a pre-existing data directory with weak permissions, which allows local users to rea...

CVSS 5.5, AI score 6.4, EPSS 0.00269
Exploits: 1, References: 7

UbuntuCve
added 2021/03/31 6:0 a.m., 31 views

CVE-2021-22876

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header...

CVSS 5.3, AI score 6.8, EPSS 0.05301
Exploits: 1, References: 4

NVD
added 2019/12/06 6:15 p.m., 26 views

CVE-2019-16672

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext...

CVSS 9.8, AI score 9.6, EPSS 0.01284
Exploits: 0, References: 4

OSV
added 2012/10/03 11:2 a.m., 5 views

CVE-2012-3520

The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager...

AI score 5.8
Exploits: 0, References: 12

OSV
added 2012/10/03 12:0 a.m., 3 views

UBUNTU-CVE-2012-3520

The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager...

CVSS 1.9, AI score 7.2, EPSS 0.00429
Exploits: 2, References: 5

exploitpack
added 2009/10/21 12:0 a.m., 10 views

OpenDocMan 1.2.5 - view_file.php Cross-Site Scripting

OpenDocMan 1.2.5 - view_file.php Cross-Site Scripting (source: https://www.securityfocus.com/bid/36777/info). OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues...

AI score 6.8
Exploits: 0