|
270461
|
5.3 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.2…
|
CWE-200
Information Exposure
|
CVE-2015-8628
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270462
|
5.3 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers…
|
CWE-284
Improper Access Control
|
CVE-2015-8627
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270463
|
9.8 |
CRITICAL
Network
|
mediawiki
|
mediawiki
|
The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which ma…
|
CWE-255
Credentials Management
|
CVE-2015-8626
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270464
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read…
|
CWE-200
Information Exposure
|
CVE-2015-8625
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270465
|
8.8 |
HIGH
Network
|
mediawiki
|
mediawiki
|
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant …
|
CWE-352
Origin Validation Error
|
CVE-2015-8624
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270466
|
8.8 |
HIGH
Network
|
mediawiki
|
mediawiki
|
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote at…
|
CWE-352
Origin Validation Error
|
CVE-2015-8623
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270467
|
6.1 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authe…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8622
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270468
|
7.5 |
HIGH
Network
|
netapp
|
snapdrive
|
NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2015-8544
|
2024-11-21 11:38 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270469
|
8.8 |
HIGH
Network
|
netapp
|
data_ontap
|
NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2015-8322
|
2024-11-21 11:38 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270470
|
9.8 |
CRITICAL
Network
|
perl
|
perl
|
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive lette…
|
CWE-125
Out-of-bounds Read
|
CVE-2015-8608
|
2024-11-21 11:38 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
