127 matches found
Search and Dump System Configuration: otseca
The main assumption of creating this tool was easier and faster delivery of command sets to be performed on customer environments. As a result of such a scan I wanted to get the most useful information about system components that will be subjected to penetration tests and audits at a later time...
Otseca - Security Auditing Tool To Search And Dump System Configuration
Otseca is an open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats. For more information, see wiki. How To Use: It's simple: Clone this repository: git clone https://github.com/trimstray/otseca Go into the repository...
UBUNTU-CVE-2017-0368
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages...
Fedora 19 : mediawiki-1.23.7-1.fc19 (2014-16020)
http://www.mediawiki.org/wiki/Releasenotes/1.23 MediaWiki 1.23.7 - bug 66776, bug 71478 SECURITY: User PleaseStand reported a way to inject code into API clients that used format=php to process pages that underwent flash policy mangling. This was fixed along with improving how the mangling was done...
Fedora 20 : mediawiki-1.23.7-1.fc20 (2014-16033)
http://www.mediawiki.org/wiki/Releasenotes/1.23 MediaWiki 1.23.7 - bug 66776, bug 71478 SECURITY: User PleaseStand reported a way to inject code into API clients that used format=php to process pages that underwent flash policy mangling. This was fixed along with improving how the mangling was done...
Updated mediawiki packages fix security vulnerabilities
In MediaWiki before 1.23.7, a missing CSRF check could allow reflected XSS on wikis that allow raw HTML (CVE-2014-9276). MediaWiki's mangling, in MediaWiki before 1.23.7, could allow an article editor to inject code into API consumers that blindly unserialize PHP representations of the page from th...
DEBIAN-CVE-2014-3966
Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when $wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username...