Search Results | AttackerKB

Show filters

Topics 42 Users 9,708

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

42 Total Results

Displaying 11-20 of 42

Attacker Value

Unknown

CVE-2014-3966

Disclosure Date: June 06, 2014 (last updated October 05, 2023)

Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.

0

Attacker Value

Unknown

CVE-2012-5395

Disclosure Date: June 02, 2014 (last updated October 05, 2023)

Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie.

0

Attacker Value

Unknown

CVE-2012-5391

Disclosure Date: June 02, 2014 (last updated October 05, 2023)

Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.

0

Attacker Value

Unknown

CVE-2013-6472

Disclosure Date: May 12, 2014 (last updated October 05, 2023)

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.

0

Attacker Value

Unknown

CVE-2013-4570

Disclosure Date: May 12, 2014 (last updated October 05, 2023)

The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function.

0

Attacker Value

Unknown

CVE-2014-3455

Disclosure Date: May 12, 2014 (last updated October 05, 2023)

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors.

0

Attacker Value

Unknown

CVE-2013-6454

Disclosure Date: May 12, 2014 (last updated October 05, 2023)

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute.

0

Attacker Value

Unknown

CVE-2013-6453

Disclosure Date: May 12, 2014 (last updated October 05, 2023)

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.

0

Attacker Value

Unknown

CVE-2014-3454

Disclosure Date: May 12, 2014 (last updated October 05, 2023)

Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vectors.

0

Attacker Value

Unknown

CVE-2013-4574

Disclosure Date: May 12, 2014 (last updated October 05, 2023)

Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos.

0