10 matches found
XWiki Platform - Unauthorized Document History Access
A vulnerability in XWiki Platform's REST API allows unauthorized users to access document history information. The REST API endpoint exposes the history of any page including modification times, version numbers, author details username and display name, and version comments, regardless of access...
CVE-2023-36468
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it's still possible to exploit the...
CVE-2024-54446 Blind SQLi in Document History
Document history functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in...
CVE-2024-54446 Blind SQLi in Document History
Document history functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in...
LogicalDOC SQL注入漏洞
LogicalDOC is the United States LogicalDOC company a set of document management system developed using Java technology. The system has features such as Lucene full-text search indexing and automatic import. A security vulnerability exists in LogicalDOC that stems from the document history feature...
CVE-2024-45591 XWiki Platform document history including authors of any page exposed to unauthorized actors
XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...
GHSA-PVMM-55R5-G3MM XWiki Platform document history including authors of any page exposed to unauthorized actors
Impact The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username and displayed name and the version...
CVE-2023-36468 Upgrading doesn't prevent exploiting vulnerable XWiki documents
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it's still possible to exploit the...
PT-2022-6848 · Unknown · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.7 XWiki Platform versions prior to 15.2RC1 XWiki Platform versions prior to 13.10.6 XWiki Platform versions prior to 14.4 Description: The XWiki Platform has a vulnerability that allows remote code...
[SECURITY] Fedora 32 Update: pdfresurrect-0.21-1.fc32
PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also...