29 matches found
EUVD-2016-7264
Malware in sbrugna...
EUVD-2017-17755
Malware in sbrugna...
EUVD-2017-17757
Malware in sbrugna...
EUVD-2014-9306
Malware in sbrugna...
EUVD-2010-1219
Malware in sbrugna...
EUVD-2012-1596
Malware in sbrugna...
EUVD-2008-4389
Malware in sbrugna...
EUVD-2015-8503
Malware in sbrugna...
EUVD-2021-17092
Malware in sbrugna...
EUVD-2012-4324
Malware in sbrugna...
EUVD-2015-8501
Malware in sbrugna...
EUVD-2017-0721
Malware in sbrugna...
EUVD-2022-1955
Malicious code in bioql PyPI...
CVE-2022-29903
The Private Domains extension for MediaWiki through 1.37.2 before 1ad65d4c1c199b375ea80988d99ab51ae068f766 allows CSRF for editing pages that store the extension's configuration. The attacker must trigger a POST request to Special:PrivateDomains...
MGASA-2022-0370 Updated mediawiki packages fix security vulnerability
HTMLUserTextField exposes existence of hidden users CVE-2022-41765. reassignEdits doesn't update results in an IP range check on Special:Contributions CVE-2022-41767...
CVE-2022-28201
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message...
GHSA-PJV5-VV93-P648 Possible to circumvent title-blacklist
MediaWiki through 1.33.1 allows attackers to bypass the Titleblacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page...
CVE-2021-45471
In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items...
CVE-2019-12469
MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...
CVE-2015-8623
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different...