149 matches found
WordPress plugin Shared Files cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Shared Files plugin <= 1.7.42 - Limited Unauthenticated Stored Cross-Site Scripting via File Upload vulnerability
Limited Unauthenticated Stored Cross-Site Scripting via File Upload vulnerability discovered by Tim Coen in WordPress Plugin Shared Files versions <= 1.7.42...
CVE-2024-52509 Nextcloud Mail app does not respect download permissions in shares
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send the files to themselves and then download them from their mail clients...
PT-2024-9167 · Nextcloud +1 · Nextcloud Mail +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 2.2.10; Nextcloud Mail versions prior to 3.6.2; Nextcloud Mail versions prior to 3.7.2. Description: The issue is related to insufficient access control in the Nextcloud mail client, allowing a remote attacker to...
Nextcloud Mail access control error vulnerability
Nextcloud Mail is an email application from Nextcloud (Germany). An access control error vulnerability exists in Nextcloud Mail that stems from allowing shared files without download permissions to be attached as attachments...
GHSA-HFF8-HJWV-J9Q7 Remote Code Execution on click of <a> Link in markdown preview
Summary: There is a vulnerability in Joplin-desktop that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by Mermaid. This vulnerability allows the execution of untrusted HTML...
CVE-2024-43230
Insertion of Sensitive Information Into Sent Data vulnerability in Anssi Laitila Shared Files shared-files. This issue affects Shared Files: from n/a through <= 1.7.28...
CVE-2024-43230
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Shared Files – File Upload Form Shared Files. This issue affects Shared Files: from n/a through 1.7.28...
CVE-2024-43230 WordPress Shared Files – Premium Download Manager & Secure File Sharing with Frontend File Upload plugin <= 1.7.28 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Anssi Laitila Shared Files shared-files. This issue affects Shared Files: from n/a through <= 1.7.28...
CVE-2024-43230
CVE-2024-43230 refers to a vulnerability in WordPress Shared Files (Frontend File Upload Form & Secure File Sharing) where sensitive information could be exposed to an unauthenticated actor. Affected: Shared Files plugin for WordPress, versions up to 1.7.28. Root cause and exact exploit details a...
WordPress plugin Shared Files security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Shared Files – Premium Download Manager & Secure File Sharing with Frontend File Upload plugin <= 1.7.28 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin Shared Files versions <= 1.7.28...
WordPress Shared Files Plugin <= 1.7.28 is vulnerable to Sensitive Data Exposure
Software: Shared Files; Type: Plugin; Vulnerable versions: <= 1.7.28; Fixed in: 1.7.29; OWASP Top 10: A5: Security Misconfiguration; Classification: Sensitive Data Exposure; CVE: CVE-2024-43230; Patch priority: Low; CVSS severity: Low (5.3); Developer: Tammersoft; PSID: 9e141e472eac; Credits: Abdi Pranata; Required privile...
CVE-2024-37884 Nextcloud Server's users can delete old versions of read-only shared files
Nextcloud Server is a self-hosted personal cloud system. A malicious user was able to send delete requests for old versions of files that had been shared with them with read permissions only. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise...
CVE-2024-37884
CVE-2024-37884 concerns Nextcloud Server where a malicious user could send delete requests for old file versions that were shared with read permissions. The initial description specifies upgrade paths: Nextcloud Server should be updated to 26.0.12 or 27.1.7 or 28.0.3, and Nextcloud Enterprise Se...
Users can delete old versions of read-only shared files
PT-2024-4382 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 26.0.12; Nextcloud Server versions prior to 27.1.7; Nextcloud Server versions prior to 28.0.3; Nextcloud Enterprise Server versions prior to 26.0.12; Nextcloud Enterprise Server versions prior to 27.1.7; Nextclou...