|
277581
|
- |
|
echo_project
|
echo
|
The Echo extension for MediWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as demon…
|
CWE-200
Information Exposure
|
CVE-2015-8007
|
2024-11-21 11:37 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277582
|
- |
|
pagetriage_project
|
pagetriage
|
Cross-site scripting (XSS) vulnerability in the PageTriage toolbar in the PageTriage extension for MediWiki allows remote attackers to inject arbitrary web script or HTML via the page title.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8006
|
2024-11-21 11:37 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277583
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading…
|
CWE-200
Information Exposure
|
CVE-2015-8005
|
2024-11-21 11:37 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277584
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-8004
|
2024-11-21 11:37 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277585
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.
|
CWE-399
Resource Management Errors
|
CVE-2015-8003
|
2024-11-21 11:37 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277586
|
- |
|
mediawiki
|
mediawiki
|
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a …
|
CWE-399
Resource Management Errors
|
CVE-2015-8002
|
2024-11-21 11:37 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277587
|
- |
|
mediawiki
|
mediawiki
|
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authen…
|
CWE-284
Improper Access Control
|
CVE-2015-8001
|
2024-11-21 11:37 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277588
|
- |
|
w1.fi
opensuse
|
wpa_supplicant
opensuse
hostapd
|
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a lar…
|
CWE-189
Numeric Errors
|
CVE-2015-8041
|
2024-11-21 11:37 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277589
|
- |
|
opensuse
bouncycastle
oracle
|
leap
opensuse
bouncy_castle_crypto_package
peoplesoft_enterprise_peopletools
virtual_desktop_infrastructure
enterprise_manager_ops_center
application_testing_suite
|
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic …
|
CWE-310
CWE-200
Cryptographic Issues
Information Exposure
|
CVE-2015-7940
|
2024-11-21 11:37 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277590
|
- |
|
login_disable_project
|
login_disable
|
The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection me…
|
CWE-17
Code
|
CVE-2015-8082
|
2024-11-21 11:37 |
2015-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
