Monthly Archive: September 2015

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not...

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not...

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF...

The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text. Date published : 2015-09-01 https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82...

IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request. Date published : 2015-09-01 https://bugs.launchpad.net/ubuntu/+source/ippusbxd/+bug/1455644 https://github.com/tillkamppeter/ippusbxd/commit/46844402bca7a38fc224483ba6f0a93c4613203f

Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. Date published : 2015-09-01 https://wordpress.org/plugins/navis-documentcloud/changelog/...