12 matches found
openSUSE 16 Security Update : mariadb (openSUSE-SU-2026:20933-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20933-1 advisory. This update for mariadb fixes the following issues Update to 11.8.8: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. -...
SUSE-SU-2026:2284-1 Security update for mariadb
This update for mariadb fixes the following issues: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. - CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. - CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side bsc1266442. - CVE-2026-44170:...
EUVD-2015-5032
Malware in sbrugna...
The vulnerability of the CheckUser extension of the software environment for implementing MediaWiki’s hypertext environment allows a violator to cause a service failure.
The vulnerability of the CheckUser extension of the MediaWiki software environment relates to the use of the URL address rest.php/checkuser/v0/useragentclienthints/revision/, which is used to store any number of lines in cuuseragentclienthints. Exploiting this vulnerability could allow a maliciou...
CVE-2023-45367
An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cuuseragentclienthints, leading to a...
MediaWiki Security Breach
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki suffers from a security vulnerability that stems from a CheckUser extension user can...
Wordpress Plugin MStore API 2.0.6 - Arbitrary File Upload
Exploit Title: Wordpress Plugin MStore API 2.0.6 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/mstore-api/ Date: 22/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/mstore-api/ Version: 2.0.6, possibly higher Tested on: Ubuntu 20.04.1 import os.path...
On error at /rest/ stack-trace is publicly visible
h3. Summary On Confluence server 6.12.2 requesting wrong REST URL /rest/cql/contenttypes?category=test we will see full stack-trace. The same we can see at https://confluence.atlassian.com/rest/cql/contenttypes?category=test On production, a regular user should not see the stack-trace when an err...
CVE-2015-5015
IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL...
Information disclosure
IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL...
CVE-2015-5015
CVE-2015-5015 affects IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x prior to Feature Pack 8. A remote attacker can obtain sensitive information via a crafted REST URL, indicating an information-disclosure vulnerability in the REST API surface. The root cause is an improper handling of REST UR...
CVE-2011-4727
The Server Administration Panel in Parallels Plesk Panel 10.2.0build1011110331.18 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service parsing error or possibly have unspecified other impact via a crafte...