45 matches found
EUVD-2021-22764
Malware in sbrugna...
EUVD-2020-20128
Malware in sbrugna...
EUVD-2020-18751
Malware in sbrugna...
EUVD-2022-32660
Malicious code in bioql PyPI...
CVE-2022-28206
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights...
CVE-2020-27621
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an...
BIT-MEDIAWIKI-2020-26121
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload...
BIT-MEDIAWIKI-2020-27621
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an...
BIT-MEDIAWIKI-2021-36132
An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations specifically fil...
BIT-MEDIAWIKI-2021-45474
In MediaWiki through 1.37, the Special:ImportFile URI aka FileImporter allows XSS, as demonstrated by the clientUrl parameter...
BIT-MEDIAWIKI-2022-28206
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights...
GLSA-202305-24 : MediaWiki: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202305-24 MediaWiki: Multiple Vulnerabilities - MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. CVE-2021-41798 - MediaWiki before 1.36.2...
GitLab: RCE via the DecompressedArchiveSizeValidator and Project BulkImports (behind feature flag)
Summary The DecompressedArchiveSizeValidator is used to check the size of a archive before extracting it: https://gitlab.com/gitlab-org/gitlab/-/blob/v15.1.0-ee/lib/gitlab/importexport/decompressedarchivesizevalidator.rbL82 ruby def command "gzip -dc @archivepath | wc -c" end def validate pgrp =...
MediaWiki <= 1.39.4 Multiple Vulnerabilities - Linux
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
MediaWiki <= 1.39.4 Multiple Vulnerabilities - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
CVE-2022-28206
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights...
CVE-2022-28206
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights...
CVE-2022-28206
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights...
Design/Logic Flaw
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights...
MediaWiki 安全漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.37.1, which stems from...