exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 2 of 2 RSS Feed

CVE-2015-2935

Status Candidate

Overview

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."

Related Files

Gentoo Linux Security Advisory 201510-05
Posted Nov 2, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201510-5 - Multiple vulnerabilities have been found in MediaWiki, the worst of which may allow remote attackers to cause a Denial of Service. Versions less than 1.25.2 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2015-2931, CVE-2015-2932, CVE-2015-2933, CVE-2015-2934, CVE-2015-2935, CVE-2015-2936, CVE-2015-2937, CVE-2015-2938, CVE-2015-2939, CVE-2015-2940, CVE-2015-2941, CVE-2015-2942, CVE-2015-6728, CVE-2015-6729, CVE-2015-6730, CVE-2015-6731, CVE-2015-6732, CVE-2015-6733, CVE-2015-6734, CVE-2015-6735, CVE-2015-6736, CVE-2015-6737
SHA-256 | 3d8836f5ef2ab0649b4948144dfd99b4cff01decdd6a361e8f73fd93f2e2ecaf
Mandriva Linux Security Advisory 2015-200
Posted Apr 13, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-200 - In MediaWiki before 1.23.9, one could circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in the SVG. In MediaWiki before 1.23.9, the SVG filter to prevent injecting JavaScript using animate elements was incorrect. In MediaWiki before 1.23.9, a stored XSS vulnerability exists due to the way attributes were expanded in MediaWiki's Html class, in combination with LanguageConverter substitutions. In MediaWiki before 1.23.9, MediaWiki's SVG filtering could be bypassed with entity encoding under the Zend interpreter. This could be used to inject JavaScript. In MediaWiki before 1.23.9, one could bypass the style filtering for SVG files to load external resources. This could violate the anonymity of users viewing the SVG. In MediaWiki before 1.23.9, MediaWiki versions using PBKDF2 for password hashing are vulnerable to DoS attacks using extremely long passwords. In MediaWiki before 1.23.9, MediaWiki is vulnerable to Quadratic Blowup DoS attacks, under both HHVM and Zend PHP. In MediaWiki before 1.23.9, the MediaWiki feature allowing a user to preview another user's custom JavaScript could be abused for privilege escalation. In MediaWiki before 1.23.9, function names were not sanitized in Lua error backtraces, which could lead to XSS. In MediaWiki before 1.23.9, the CheckUser extension did not prevent CSRF attacks on the form allowing checkusers to look up sensitive information about other users. Since the use of CheckUser is logged, the CSRF could be abused to defame a trusted user or flood the logs with noise. The mediawiki package has been updated to version 1.23.9, fixing these issues and other bugs.

tags | advisory, php, javascript
systems | linux, mandriva
advisories | CVE-2015-2931, CVE-2015-2932, CVE-2015-2933, CVE-2015-2934, CVE-2015-2935, CVE-2015-2936, CVE-2015-2937, CVE-2015-2938, CVE-2015-2939, CVE-2015-2940
SHA-256 | c05a9bf44b7022507d18ce0ec9c0141893f532647d6ceb31d6d5e71882e345bf
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close