CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2018/05/23 12:0 a.m.•15 views

WordPress 4.7.x < 4.7.2 REST API 'id' Parameter Privilege Escalation

The WordPress application running on the remote web server is version 4.7.x prior to 4.7.2. It is, therefore, affected by a privilege escalation vulnerability in the REST API due to a failure to properly sanitize user- supplied input to the 'id' parameter when editing or deleting blog posts. An...

7.5CVSS7.8AI score0.78934EPSS

Exploits0References3

Cvelist•added 2018/02/26 5:0 p.m.•15 views

CVE-2017-18195

An issue was discovered in tools/conversations/viewajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/viewajax with incremental 'cnvID' integers...

5.2AI score0.07176EPSS

Exploits6References4

Schneier on Security•added 2017/10/13 7:13 p.m.•72 views

My Blogging

Blog regulars will notice that I haven't been posting as much lately as I have in the past. There are two reasons. One, it feels harder to find things to write about. So often it's the same stories over and over. I don't like repeating myself. Two, I am busy writing a book. The title is still:...

7AI score

Veracode•added 2017/06/07 6:38 a.m.•21 views

Sensitive Information Leak

Moodle is vulnerable to a sensitive information leak. blog/rsslib.php does not prevent guest users from accessing sensitive information from hidden blog posts through related RSS feeds for site-level blogs...

5CVSS5.7AI score0.00283EPSS

Exploits0References4Affected Software1

Filippo.io•added 2016/10/12 5:43 p.m.•13 views

TLS nonce-nse

Starting a series of blog posts on TLS 1.3, I published my notes on the landscape of cipher nonces in TLS across versions, to help me clean up the implementation. Comes with hand-drawn diagrams! TLS nonce-nse | CloudFlare Blog archive...

Atlassian•added 2015/05/13 11:2 p.m.•21 views

Space permissions ignored in list of blog posts by date

h3. Summary Users have the ability to view a list of all blog posts, even from spaces in which they don't have permission to access. h3. Steps to Reproduce Install Confluence 5.7.x Create two spaces Space A Space B remove all permissions for confluence-users Create a blog post in Space A Create a...

Atlassian•added 2015/05/13 11:2 p.m.•18 views

Space permissions ignored in list of blog posts by date

Atlassian•added 2015/05/13 11:2 p.m.•15 views

Space permissions ignored in list of blog posts by date

Tenable Nessus•added 2015/03/13 12:0 a.m.•32 views

Debian DSA-3183-1 : movabletype-opensource - security update

Multiple vulnerabilities have been discovered in Movable Type, a blogging system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-2184 Unsafe use of Storable::thaw in the handling of comments to blog posts could allow remote attackers to include and...

7.5CVSS6.3AI score0.81049EPSS

Exploits5References10

Fedora•added 2012/11/23 3:10 a.m.•21 views

[SECURITY] Fedora 17 Update: libsocialweb-0.25.21-1.fc17

libsocialweb is a social data server which fetches data from the "social we b", such as your friend's blog posts and photos, upcoming events, recently play ed tracks, and pending eBay auctions. It also provides a service to update your status on web services which support it, such as MySpace and...

5.8CVSS2.6AI score0.00699EPSS

Fedora•added 2012/11/11 2:55 a.m.•18 views

[SECURITY] Fedora 18 Update: libsocialweb-0.25.21-1.fc18

5.8CVSS2.6AI score0.00699EPSS

Exploit DB•added 2012/10/22 12:0 a.m.•32 views

WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities

waraxe-2012-SA093 - Multiple Vulnerabilities in Wordpress Social Discussions Plugin ====================================================================================== Author: Janek Vind "waraxe" Date: 17. October 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-93.html...

7.4AI score

Atlassian•added 2012/08/29 11:13 a.m.•18 views

Inherit Edit Restrictions for Child Pages

As it said in Documentation for Page Restrictions|https://confluence.atlassian.com/display/DOC/Page+Restrictions: quote'Edit' restrictions are not inherited from the parent page, only from the space. In a space, the 'Add Pages' permission governs both the creation and the editiing of pages. See...

1.6AI score

Atlassian•added 2012/08/29 11:13 a.m.•26 views

Inherit Edit Restrictions for Child Pages

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-26446. panel As it said in Documentation for Page Restrictions|https://confluence.atlassian.com/display/DOC/Page+Restrictions:...

1.5AI score

Fedora•added 2011/11/29 12:3 a.m.•21 views

[SECURITY] Fedora 15 Update: libsocialweb-0.25.20-1.fc15

5.8CVSS2.6AI score0.00413EPSS

Packet Storm•added 2010/12/28 12:0 a.m.•33 views

Pixie 1.04 Cross Site Request Forgery

Pixie 1.04 suffers from CSRF where form data can be submitted by the admin unwittingly in this example to add a blog post or Add a new user. It was not tempted but it is possible to include a cookie stealer in the blog post which a naive admin my view if it has a curious/innocent sounding name...

0.7AI score

Packet Storm•added 2010/07/13 12:0 a.m.•25 views

Globber 1.4 Cross Site Request Forgery

alert0" /...

0.5AI score