229 matches found
Access control vulnerable to user data deletion by anonynmous users
Impact Anonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access. Patches The problem is fixed in version 7.2. Workarounds The problem can be fixed by adding dataroles = to AccessControl.userfolder.UserFolder. References...
CVE-2024-51734 User data deletion by anoynmous users in Zope
Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to...
Access control vulnerable to user data deletion by anonynmous users
Anonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access...
DRUPAL-CONTRIB-2024-056
Integrates your Drupal website with the Oh Dear monitoring app. Cached data of monitoring results is accessible to non-logged in users when caching is enabled on the module. This vulnerability is mitigated by the fact that it only affects sites where caching is enabled for OhDear report healthche...
CVE-2024-2862
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant...
CVE-2024-2862
LG LED Assistant exposes an unauthenticated password-reset vulnerability (CVE-2024-2862). The Nuclei template details an endpoint: /api/changePw that accepts requests from localhost and can be triggered by spoofing X-Forwarded-For: 127.0.0.1 to obtain a success response, enabling password resets ...
CVE-2024-28865
django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to crea...
CVE-2024-28865 django-wiki denial of service via regular expression
django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to crea...
GHSA-WJ85-W4F4-XH8H Denial of service via regular expression
Impact All historical installations of django-wiki are vulnerable to maliciously crafted article content, that can cause severe use of server CPU through a regular expression loop. Patches Workarounds Close off access to create and edit articles by anonymous users. References Are there any links...
Denial of service via regular expression
Impact All historical installations of django-wiki are vulnerable to maliciously crafted article content, that can cause severe use of server CPU through a regular expression loop. Patches Workarounds Close off access to create and edit articles by anonymous users. References Are there any links...
PT-2024-22614
Name of the Vulnerable Software and Affected Versions django-wiki versions prior to 0.10.1 Description The issue allows maliciously crafted article content to cause severe use of server CPU through a regular expression loop. This can be exploited by anonymous users creating or editing articles. T...
EventPrime – Events Calendar, Bookings and Tickets < 3.4.3 - Missing Authorization to Arbitrary Post Overwrite
Description The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for...
BIT-DISCOURSE-2023-44391 Prevent unauthorized access to summary details in Discourse
Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when hideuserprofilesfrompublic is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no know...
BIT-DRUPAL-2023-5256 Drupal core - Critical - Cache poisoning - SA-CORE-2023-006
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...
CVE-2024-1472
The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API...
CVE-2024-0563
Denial of service condition in M-Files Server in versions before 24.2 excluding 23.2 SR7 and 23.8 SR5 allows anonymous user to cause denial of service against other anonymous users...
Denial of service
Denial of service condition in M-Files Server in versions before 24.2 excluding 23.2 SR7 and 23.8 SR5 allows anonymous user to cause denial of service against other anonymous users...
CVE-2024-0563 Denial of service condition in M-Files Server
Denial of service condition in M-Files Server in versions before 24.2 excluding 23.2 SR7 and 23.8 SR5 allows anonymous user to cause denial of service against other anonymous users...
CVE-2023-1405 Formidable Forms < 6.2 - Unauthenticated PHP Object Injection
The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...
CVE-2023-5256
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...