16 matches found
CVE-2021-41801
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...
EUVD-2021-28808
Malicious code in bioql PyPI...
BIT-MEDIAWIKI-2021-41801
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...
DEBIAN-CVE-2021-41801
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...
CVE-2021-41801
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...
CVE-2021-41801
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...
CVE-2021-41801
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...
UBUNTU-CVE-2021-41801
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...
Information disclosure
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...
CVE-2021-41801
The CVE-2021-41801 issue affects MediaWiki's ReplaceText extension (up to v1.41) and causes Incorrect Access Control: after a user is blocked following a replace job submission, the queued job may still execute later. The Debian security advisory and related Nessus entries confirm this as a vulne...
CVE-2021-41801
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...
CVE-2021-41801
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...
FreeBSD : mediawiki -- multiple vulnerabilities (f84ab297-2285-11ec-9e79-08002789875b)
MediaWiki reports : T285515, CVE-2021-41798 SECURITY: XSS vulnerability in Special:Search. T290379, CVE-2021-41799 SECURITY: ApiQueryBacklinks can cause a full table scan. T284419, CVE-2021-41800 SECURITY: fix PoolCounter protection of Special:Contributions. T279090, CVE-2021-41801 SECURITY:...
Privilege Escalation
mediawiki is vulnerable to privilege escalation. The vulnerability exists due to the ReplaceText continues performing actions even when the user no longer has the correct permission such as by being blocked...
PT-2021-23414 · Mediawiki +1 · Replacetext Extension +1
Name of the Vulnerable Software and Affected Versions: ReplaceText extension versions 1.41 and earlier for MediaWiki Description: The issue concerns Incorrect Access Control in the ReplaceText extension for MediaWiki. When a user is blocked after submitting a replace job, the job is still execute...
Adobe Flash TextField.replaceText - Use-After-Free
Adobe Flash TextField.replaceText - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=584 There is a use-after-free in the TextField.replaceText function. If the function is called with a string parameter with toString defined, or an integer parameter with...