Nextcloud Social app access control error vulnerability
Nextcloud Social app is a social application from Nextcloud Germany. An access control error vulnerability exists in version 0.3.1 of the Nextcloud Social app. The vulnerability is related to the control system of the affected version not properly handling user access requests. There is...
Improper access control to messages of Social app (NC-SA-2020-042)
Improper access control in Social app 0.3.1 allowed reading posts of any user...
CVE-2017-3066
creationtimestamp | type | source
---|---|---
2020-10-09 16:13:18+00:00 | seen | MISP/5418d4ce-3a6c-4b8d-b61f-aa38b37bd843
2025-02-24 15:27:38+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/5141
2025-02-24 18:10:02+00:00 | seen | MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123
...
openSUSE Security Update : fossil (openSUSE-2020-1478)
This update for fossil fixes the following issues: - fossil 2.12.1: - CVE-2020-24614: Remote authenticated users with check-in or administrative privileges could have executed arbitrary code (boo#1175760) - Security fix in the 'fossil git export' command. New 'safety-net' features were added to...
Information Disclosure
johnpbloch/wordpress-core is vulnerable to information disclosure. The vulnerability exists in the get_comment_excerpt function in comment-template.php because the comments from password-protected non-public posts and pages are not restricted from viewing under certain conditions...
WordPress Comment Mismanagement Vulnerability
WordPress is a blogging platform developed using the PHP language. Users can set up their own websites on servers that support PHP and MySQL databases, or use WordPress as a content management system (CMS). A comment mismanagement vulnerability exists in wp-includes/comment-template.php in WordPres...
UBUNTU-CVE-2020-25286
In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public...
php: Integer wraparounds when receiving multipart forms
A flaw was found in PHP under a non-default configuration, where it was vulnerable to integer wraparounds during the reception of a multipart POST request. This flaw allows a remote attacker to repeatedly crash PHP and fill the filesystem with temporary PHP files, resulting in a denial of service...
NextScripts: Social Networks Auto-Poster < 4.3.18 - Insufficient Privilege Validation
The plugin is giving access to several functionalities without proper authorisation checks, allowing low privileged attackers the possibility to Remove Posts by corrupting the post type and other data, Post Arbitrary Information in the site social networks as well as Change the plugin settings...
Bulk Change <= 1.0 - Authenticated Reflected Cross-Site Scripting
The Bulk Change page under Tools Bulk Posts Change has an 's' GET parameter echoed to a text input tag value without being sanitised, leading to a cross-site scripting issue. PoC /wp-admin/tools.php?page=bulk-change%2Fbulk-change.phppage=10=Search+...posttypeaction="...
Authorization Bypass
mittwald/typo3_forum is vulnerable to authorization bypass. The vulnerability exists as it allowed anonymous users to create forum posts even when they do not have permissions to do so...
TYPO3 typo3_forum extension incorrect access control vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) of the Swiss TYPO3 Association. The typo3_forum extension is one of its forum extensions. A security vulnerability exists in TYPO3 typo3_forum extension versions prior to 1.2.1, which stems from the program not performing acces...
Broken Access Control in extension "typo3_forum" (typo3_forum)
The ACL check of the extension is broken under certain conditions allowing anonymous users to create forum posts although this feature is disabled for anonymous users in the access control list...
WordPress 4.9.x < 4.9.15 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists in the block editor. - A cross-site scripting (XSS) vulnerability exists in media files. - An open redirect vulnerability exists...
WordPress 4.0.x < 4.0.31 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists in the block editor. - A cross-site scripting (XSS) vulnerability exists in media files. - An open redirect vulnerability exists...
WordPress 4.4.x < 4.4.23 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists in the block editor. - A cross-site scripting (XSS) vulnerability exists in media files. - An open redirect vulnerability exists...
WordPress 4.3.x < 4.3.24 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists in the block editor. - A cross-site scripting (XSS) vulnerability exists in media files. - An open redirect vulnerability exists...
WordPress 4.7.x < 4.7.18 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists in the block editor. - A cross-site scripting (XSS) vulnerability exists in media files. - An open redirect vulnerability exists...
Fedora 32 : wordpress (2020-8447a3e195)
WordPress 5.4.2 Security and Maintenance Release. This security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes (see the list below). These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you'll want to upgrade. Securi...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-41492)
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 5.8.0. An attacker could exploit the vulnerability to attach files to multiple posts...