Showing 1 - 3 of 3

CVE-2014-2665

Status Candidate

Overview

includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue.

Related Files

Gentoo Linux Security Advisory 201502-04: Posted Feb 9, 2015; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201502-4 - Multiple vulnerabilities have been found in MediaWiki, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 1.23.8 are affected.; tags | advisory, remote, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2013-6451, CVE-2013-6452, CVE-2013-6453, CVE-2013-6454, CVE-2013-6472, CVE-2014-1610, CVE-2014-2242, CVE-2014-2243, CVE-2014-2244, CVE-2014-2665, CVE-2014-2853, CVE-2014-5241, CVE-2014-5242, CVE-2014-5243, CVE-2014-7199, CVE-2014-7295, CVE-2014-9276, CVE-2014-9277, CVE-2014-9475, CVE-2014-9476, CVE-2014-9477, CVE-2014-9478, CVE-2014-9479, CVE-2014-9480, CVE-2014-9481, CVE-2014-9487, CVE-2014-9507; SHA-256 | 704af9a91a2aea64b538f4720a85bdb013ce9b13608e52b9e5fa6b57e832eefd; Download | Favorite | View

Mandriva Linux Security Advisory 2014-083: Posted May 8, 2014; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2014-083 - Login CSRF issue in MediaWiki before 1.22.5 in Special:ChangePassword, whereby a user can be logged into an attackers account without being aware of it, allowing the attacker to track the user's activity. XSS vulnerability in MediaWiki before 1.22.6, where if the default sort key is set to a string containing a script, the script will be executed when the page is viewed using the info action. MediaWiki has been updated to version 1.22.6, fixing this and other issues.; tags | advisory; systems | linux, mandriva; advisories | CVE-2014-2665; SHA-256 | 5a6c7bc4a4b122fb358c0ade3b8277baa7f5e4453ec69320728a2f11b9ceabbf; Download | Favorite | View

Debian Security Advisory 2891-3: Posted Apr 7, 2014; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2891-3 - The Mediawiki update issued as DSA 2891-1 caused regressions. This update fixes those problems.; tags | advisory; systems | linux, debian; advisories | CVE-2013-2031, CVE-2013-4567, CVE-2013-4568, CVE-2013-4572, CVE-2013-6452, CVE-2013-6453, CVE-2013-6454, CVE-2013-6472, CVE-2014-1610, CVE-2014-2665; SHA-256 | f4c93e740a251c7b3e60a20bbabc1c65f7a49c750380dbd5a2a67ee2e253ae01; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 65 files
LiquidWorm 25 files
Debian 18 files
indoushka 15 files
Apple 10 files
Google Security Research 7 files
Gentoo 5 files
Emiliano Febbi 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,155)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,813)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,236)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,965)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2014-2665

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems