CVE-2019-18611

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been abl...

Design/Logic Flaw

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been abl...

CVE-2019-18611

CVE-2019-18611 affects the MediaWiki CheckUser extension (up to v1.34). The issue enables certain sensitive information contained in oversighted edit summaries to be visible via the MediaWiki API to users with varying access levels. Underlying cause and impact are that confidentiality can be part...

CVE-2019-18611

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been abl...

dedeCMS use links to mention the right vulnerability

In the tpl. php /--------------------------- function savetagfile Save the label pieces to modify --------------------------/ else if$action=='savetagfile' if! pregmatch"^a-z0-9-1,. lib.php$i", $filename ShowMsg'file name is not legal, not allowed!', '-1'; exit; requireonceDEDEINC.'/...

MediaWiki < 1.19.24 / 1.23.9 / 1.24.2 Multiple Vulnerabilities

Binary data 9471.prm...

MediaWiki Cross-Site Request Forgery Vulnerability (CNVD-2015-02413)

MediaWiki is a Wiki program. A cross-site request forgery vulnerability exists in the MediaWiki CheckUser extension. A remote attacker can exploit this vulnerability to retrieve sensitive user information...

CVE-2015-2940

Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...

DEBIAN-CVE-2015-2940

Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...

CVE-2015-2940

Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...

CVE-2015-2940

Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...

UBUNTU-CVE-2015-2940

Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...

CVE-2015-2940

CVE-2015-2940 is a CSRF flaw in the MediaWiki CheckUser extension that can allow a remote attacker to hijack a user’s session and retrieve sensitive information. The connected advisories corroborate this as part of multiple vulnerabilities affecting MediaWiki, with remediation guidance to upgrade...

CVE-2015-2940

Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...

CVE-2015-2940

Cross-site request forgery CSRF vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors...

mediawiki: multiple issues

CVE-2015-2931 cross-side scripting It was discovered that MIME types were not properly restricted, allowing a way to circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in a SVG file. - CVE-2015-2932 cross-side scripting The SVG filter to prevent...

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.9, one could circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in the SVG CVE-2015-2931. In MediaWiki before 1.23.9, the SVG filter to prevent injecting JavaScrip...

大汉版通所属部分系统文件任意文件上传漏洞

简要描述： 任意类型文件上传，可getshell。影响到jact、jsearch、JCMS相关版本，不好一一统计。 详细说明： 受影响的系统版本是WebService中存在一个receivefile操作的，一般在wsInfo服务中。 （注：不同产品不同版本代码可能会有所不同） 0x1 jsearch public String receivefileString strLoginId, String strPwd, String strKey, DataHandler handler, String filename, int iState String result = "";...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors...