10 matches found
EUVD-2012-4810
Malware in sbrugna...
CVE-2012-4885
The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service infinite loop via certain input, as demonstrated by the padleft function...
DEBIAN-CVE-2012-4885
The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service infinite loop via certain input, as demonstrated by the padleft function...
DEBIAN-CVE-2012-1582
Cross-site scripting XSS vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension...
Input validation
The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service infinite loop via certain input, as demonstrated by the padleft function...
CVE-2012-4885
The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service infinite loop via certain input, as demonstrated by the padleft function...
CVE-2012-4885
CVE-2012-4885 concerns MediaWiki’s wikitext parser. The issue affects MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2, where certain input can trigger an infinite loop in the parser, causing a denial of service. The vulnerability is triggered via crafted input demonstrated by the padleft ...
Debian Security Advisory DSA 2366-1 (mediawiki)
The remote host is missing an update to mediawiki announced via advisory DSA 2366-1. OpenVAS Vulnerability Test $Id: deb23661.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2366-1 mediawiki Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
Cross site scripting
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets CSS token sequences, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive information by using the \2f\2a an...
MediaWiki 1.16.3之前版本存在多个远程漏洞
Bugtraq ID: 47354 MediaWiki是一套以GPL授权发行的Wiki引擎。 MediaWiki存在多个安全漏洞,允许恶意用户进行跨站脚本攻击和绕过部分安全限制。 -应用程序不正确防止部分浏览器如Internet Explorer 6基于查询URL结尾来猜测内容类型,可被利用注入和执行HTML,在目标用户浏览器上执行任意脚本代码。 -通过CSS评注传递的输入在显示给用户之前,wikitext解析器没有对其进行过滤,可被利用注入和执行HTML,在目标用户浏览器上执行任意脚本代码。 -transwiki导入功能没有正确限制表单发送访问,可被利用执行未授权远程资源导入。...