15 matches found
EUVD-2017-1430
Malware in sbrugna...
EUVD-2022-29613
Malicious code in bioql PyPI...
CVE-2022-24813
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the master branch of CreateWiki's GitHub repository...
Improper Access Control
Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Improper Access Control where it is possible for anonymous users to leave comments on an article in draft mode. Remediation Upgrade publifycore to...
Publify Incorrect Authorization
Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Anonymous users can't view but can leave comments on an article in draft mode...
PT-2022-13270 · Publify · Publify
Name of the Vulnerable Software and Affected Versions: publify/publify versions prior to 9.2.8 Description: The issue concerns improper access control in the GitHub repository publify/publify. It allows anonymous users to leave comments on articles in draft mode, even though they cannot view thes...
CVE-2022-24813
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the master branch of CreateWiki's GitHub repository...
CVE-2022-24813 Authentication Bypass Using an Alternate Path or Channel in CreateWiki
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the master branch of CreateWiki's GitHub repository...
PT-2022-16893 · Miraheze · Createwiki
Name of the Vulnerable Software and Affected Versions: CreateWiki affected versions not specified Description: CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent...
CreateWiki 授权问题漏洞
CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. A security vulnerability exists in CreateWiki that stems from the ability to use Special:RequestWikiQueue for anonymous comments when sent directly via POST...
Improper Access Control in publify/publify
Description Article in draft mode can only be accessed by admins who have permission to manage article. Anonymous users can't view but can leave comments on article in draft mode. The cause of the vulnerability is that the draft article is setting to comment enabled and createcomment function onl...
Catalyst Mahara Anonymous Comments Vulnerability
Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Catalyst Mahara versions 1.9 before 1.9.7, 1.10 before 1.10.5, and 15.04 before 15.04.2. An attacker could exploit...
WordPress W3 Total Cache PHP Code Execution
This module exploits a PHP Code Injection vulnerability against WordPress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows arbitrary PH...
Wordpress W3 Total Cache PHP Code Execution Vulnerability
This Metasploit module exploits a PHP Code Injection vulnerability against Wordpress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows...
New York Lawmakers Want Anonymous Comments Banned
A bill before the New York State Assembly would essentially ban anonymous comments on New York-based Web sites. Earlier this week a Wired writer discovered a bill had been introduced this spring in both chambers called the Internet Protection Act. The proposed law would require that a Web site...