24 matches found
CVE-2014-3966
Cross-site scripting XSS vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username...
CVE-2014-3966
CVE-2014-3966 is a cross-site scripting vulnerability in MediaWiki’s Special:PasswordReset when wgRawHtml is enabled. It affects MediaWiki versions prior to 1.19.16, 1.21.x prior to 1.21.10, and 1.22.x prior to 1.22.7, enabling remote attackers to inject arbitrary script/HTML via an invalid usern...
UBUNTU-CVE-2013-2032
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks...
Intersil (Boa) HTTPd Basic Authentication Password Reset
The Intersil extension in the Boa HTTP Server 0.93.x - 0.94.11 allows basic authentication bypass when the user string is greater than 127 bytes long. The long string causes the password to be overwritten in memory, which enables the attacker to reset the password. In addition, the malicious...