Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki 1.24.0 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2015-8005
MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote malicious users to obtain the installation path by reading the metadata of a PNG thumbnail file.
Mediawiki Mediawiki
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.25.0
605
VMScore
CVE-2015-8003
MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.0
445
VMScore
CVE-2015-8009
The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x prior to 1.25.3, 1.24.x prior to 1.24.4, and prior to 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use an...
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.25.2
445
VMScore
CVE-2015-6727
The Special:DeletedContributions page in MediaWiki prior to 1.23.10, 1.24.x prior to 1.24.3, and 1.25.x prior to 1.25.2 allows remote malicious users to determine if an IP is autoblocked via the "Change block" text.
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.2
Canonical Ubuntu Linux 15.04
383
VMScore
CVE-2015-8622
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as de...
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.2
605
VMScore
CVE-2015-8624
The User::matchEditToken function in includes/User.php in MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which al...
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.25.1
445
VMScore
CVE-2015-8626
The User::randomPassword function in MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote malicious users to obtain access via a brute-for...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.2
445
VMScore
CVE-2015-8627
MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote malicious users to bypass intended access restrictions by using an IP address that...
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.24.3
445
VMScore
CVE-2015-8625
MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote malicious users to read arbitrary files via an @ (at sign) character in unspecified POST a...
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.2
383
VMScore
CVE-2015-8628
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 allow remote malicious users to obtain sens...
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.26.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »