Search Results | AttackerKB

Show filters

Topics 8 Users 9,712

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

8 Total Results

Displaying 1-8 of 8

Attacker Value

Unknown

Parameters injection in SyntaxHighlight results in multiple vulnerabilities

Disclosure Date: April 13, 2018 (last updated November 26, 2024)

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.

0

Attacker Value

Unknown

CVE-2017-8812

Disclosure Date: November 15, 2017 (last updated November 26, 2024)

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.

0

Attacker Value

Unknown

CVE-2017-8815

Disclosure Date: November 15, 2017 (last updated November 26, 2024)

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.

0

Attacker Value

Unknown

CVE-2017-8809

Disclosure Date: November 15, 2017 (last updated November 26, 2024)

api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.

0

Attacker Value

Unknown

CVE-2017-8808

Disclosure Date: November 15, 2017 (last updated November 26, 2024)

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.

0

Attacker Value

Unknown

CVE-2017-8811

Disclosure Date: November 15, 2017 (last updated November 26, 2024)

The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.

0

Attacker Value

Unknown

CVE-2017-8810

Disclosure Date: November 15, 2017 (last updated November 26, 2024)

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.

0

Attacker Value

Unknown

CVE-2017-8814

Disclosure Date: November 15, 2017 (last updated November 26, 2024)

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."

0