16 matches found
EUVD-2024-26878
Malicious code in bioql PyPI...
EUVD-2024-26871
Malicious code in bioql PyPI...
Malicious code in wiki-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9d4143f13c89e66e8f5b2c0905a57d6d25f6d02d46b62aef3e58d4b1f2dda697 Setup.py attempts to exfiltrate information about the system and span a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2025-3019 Malicious code in wiki-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9d4143f13c89e66e8f5b2c0905a57d6d25f6d02d46b62aef3e58d4b1f2dda697 Setup.py attempts to exfiltrate information about the system and span a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
CVE-2024-47781 Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki
CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS...
CreateWiki 跨站脚本漏洞
CreateWiki is an extension to the Miraheze open source. A cross-site scripting vulnerability exists in CreateWiki. An attacker exploiting this vulnerability could retrieve deleted wiki requests, which often contain sensitive information...
CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...
CVE-2024-29898
The CVE-2024-29898 entry concerns Miraheze’s CreateWiki (MediaWiki extension). Affected behavior: during patching for CVE-2024-29897, an oversight could cause suppressed wiki requests listed on Special:RequestWikiQueue to be accessible to users on private wikis who had the (read) permission not r...
CVE-2024-29898 Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the read permission...
CVE-2024-29898 Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the read permission...
CVE-2024-29897 CreateWiki Leak of suppressed wiki requests outside of `CreateWikiGlobalWiki`
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with delete or suppressrevision on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. T...
CreateWiki 安全漏洞
CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. A security vulnerability exists in CreateWiki. An attacker can exploit this vulnerability to access suppressed wiki requests...
CreateWiki 安全漏洞
CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. A security vulnerability exists in CreateWiki that could expose suppressed wiki requests to private wikis...
PT-2024-23118 · Mediawiki · Createwiki
Name of the Vulnerable Software and Affected Versions: CreateWiki versions prior to 23415c17ffb4832667c06abcf1eadadefd4c8937 Description: The issue affects CreateWiki, a MediaWiki extension used for requesting and creating wikis on Miraheze. Users with specific rights, such as delete or...
PT-2024-23107
Name of the Vulnerable Software and Affected Versions CreateWiki affected versions not specified Description The issue affects CreateWiki, Miraheze's MediaWiki extension for requesting and creating wikis. Suppression of wiki requests does not work as intended, always restricting visibility to tho...
UBUNTU-CVE-2020-25827
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster such as via CentralAuth, rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across...