Lucene search
K

100 matches found

Hacker One
Hacker One
added 2019/07/27 7:14 p.m.53 views

Paragon Initiative Enterprises: Github wikis are editable by anyone https://github.com/paragonie/password_lock/wiki

submitted a misconfiguration in some of our GitHub repositories to us. Wikis are inherently editable for all users, but for some repositories an organization may want to restrict this access. In some cases it was possible for GitHub users . Github wikis on the following project...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2018/12/10 10:8 p.m.55 views

Liberapay: Publicly editable GitHub wikis

Hello team, While browsing https://github.com/liberapay I found that many of the repositories have their wikis publicly editable by any GitHub user. The following are some of the affected repositories: https://github.com/liberapay/cardregistration-js-kit/wiki...

0.8AI score
Exploits0
Hacker One
Hacker One
added 2018/12/06 7:2 p.m.42 views

Nextcloud: Github wikis are editable by anyone

Github wikis on the following projects https://github.com/nextcloud/fulltextsearch https://github.com/nextcloud/nextcloudpi https://github.com/nextcloud/spreed https://github.com/nextcloud/ocsms https://github.com/nextcloud/nextcloud-snap https://github.com/nextcloud/passman can be edited by any...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/11/20 12:0 a.m.66 views

FreeBSD : mediawiki -- multiple vulnerabilities (298829e2-ccce-11e7-92e4-000c29649f92)

mediawiki reports : security fixes : T128209: Reflected File Download from api.php. Reported by Abdullah Hussam. T165846: BotPasswords doesn't throttle login attempts. T134100: On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password. T178451:...

9.8CVSS7.6AI score0.99999EPSS
Exploits19References11
OpenVAS
OpenVAS
added 2017/11/14 12:0 a.m.22 views

Debian: Security Advisory (DSA-4036-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.5AI score0.07714EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2017/11/14 12:0 a.m.89 views

mediawiki -- multiple vulnerabilities

mediawiki reports: security fixes: T128209: Reflected File Download from api.php. Reported by Abdullah Hussam. T165846: BotPasswords doesn't throttle login attempts. T134100: On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password. T178451: XS...

9.8CVSS7.6AI score0.07714EPSS
Exploits0References1
Fedora
Fedora
added 2015/11/17 3:56 p.m.12 views

[SECURITY] Fedora 23 Update: python-pygments-2.0.2-3.fc23

Pygments is a generic syntax highlighter for general use in all kinds of software such as forum systems, wikis or other applications that need to prettify source code. Highlights are: a wide range of common languages and markup formats is supported special attention is paid to details that increa...

7.3AI score
Exploits0
Mageia
Mageia
added 2014/06/06 6:8 a.m.31 views

Updated mediawiki packages fix security vulnerability

XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this...

2.6CVSS5.9AI score0.02097EPSS
Exploits0References4
NVD
NVD
added 2013/07/16 6:55 p.m.21 views

CVE-2013-1908

The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors...

5CVSS6.8AI score0.02558EPSS
Exploits0References8
Prion
Prion
added 2013/07/16 6:55 p.m.16 views

Design/Logic Flaw

The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors...

5CVSS7.3AI score0.02558EPSS
Exploits0References8Affected Software2
CVE
CVE
added 2013/07/16 6:0 p.m.55 views

CVE-2013-1908

The CVE-2013-1908 issue affects the Drupal Commons Wikis module (versions prior to 7.x-3.1) as used in the Commons distribution. The vulnerability is an access bypass/privilege-escalation flaw that allows anonymous users to post content into groups due to improper access restrictions. Impact is l...

5CVSS7AI score0.02558EPSS
Exploits0References8Affected Software2
Cvelist
Cvelist
added 2013/07/16 6:0 p.m.24 views

CVE-2013-1908

The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors...

6.8AI score0.02558EPSS
Exploits0References8
Drupal
Drupal
added 2013/03/27 12:0 a.m.24 views

SA-CONTRIB-2013-039 - Commons Wikis - Access bypass & Privilege escalation

The Drupal Commons distribution is a tool for building social, group-based collaboration communities. The Commons Wikis module is used by the distribution to provide specific wiki functionality. Versions 3.0 and earlier of the Commons Wikis module is vulnerable to an access bypass and privilege...

5CVSS6.7AI score0.02558EPSS
Exploits0References13
The Hacker News
The Hacker News
added 2011/03/11 2:47 p.m.6 views

SourceForge open sources its own source !

SourceForge, the popular project hosting site, has released Allura, the software that powers its service, as Apache 2.0 licensed open source. The project to develop Allura began in 2009 and currently an instance of the software, which has also been known as "New Forge" or "Forge 2.0" during...

7AI score
Exploits0
NVD
NVD
added 2011/02/14 10:0 p.m.12 views

CVE-2011-1030

Cross-site scripting XSS vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Page scene."...

4.3CVSS5.4AI score0.01053EPSS
Exploits0References4
Prion
Prion
added 2011/02/14 10:0 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Page scene."...

4.3CVSS5.8AI score0.01053EPSS
Exploits0References4Affected Software1
FreeBSD
FreeBSD
added 2010/05/28 12:0 a.m.15 views

mediawiki -- two security vulnerabilities

Two security vulnerabilities were discovered: Noncompliant CSS parsing behaviour in Internet Explorer allows attackers to construct CSS strings which are treated as safe by previous versions of MediaWiki, but are decoded to unsafe strings by Internet Explorer. A CSRF vulnerability was discovered ...

2.5AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2010/02/15 6:30 p.m.28 views

CVE-2010-0288

A typo in the administrator permission check in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010...

7.5CVSS5.9AI score0.10546EPSS
Exploits0References2
OSV
OSV
added 2010/02/15 6:30 p.m.6 views

UBUNTU-CVE-2010-0288

A typo in the administrator permission check in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010...

7.5CVSS5.8AI score0.10546EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2009/04/27 12:0 a.m.17 views

ClearSpace Detection

The remote web server is running Jive ClearSpace, a social networking site letting users manage wikis, publish blog entries and discuss between each other. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid38183; scriptversion"1.8"; scriptnameenglish:"ClearSpace...

5.4AI score
Exploits0References1
Rows per page
Query Builder