Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-9841 | 7.5 |
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder,
|
18-04-2022 - 17:57 | 27-06-2017 - 17:29 | |
CVE-2017-8812 | 5.0 |
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.
|
03-10-2019 - 00:03 | 15-11-2017 - 08:29 | |
CVE-2017-0361 | 2.1 |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.
|
14-05-2018 - 17:09 | 13-04-2018 - 16:29 | |
CVE-2017-8811 | 4.3 |
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.
|
28-11-2017 - 17:11 | 15-11-2017 - 08:29 | |
CVE-2017-8810 | 5.0 |
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumera
|
28-11-2017 - 16:58 | 15-11-2017 - 08:29 | |
CVE-2017-8809 | 7.5 |
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
|
28-11-2017 - 16:56 | 15-11-2017 - 08:29 | |
CVE-2017-8808 | 4.3 |
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.
|
28-11-2017 - 16:29 | 15-11-2017 - 08:29 | |
CVE-2017-8814 | 5.0 |
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
|
28-11-2017 - 16:24 | 15-11-2017 - 08:29 | |
CVE-2017-8815 | 5.0 |
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
|
28-11-2017 - 16:23 | 15-11-2017 - 08:29 |