5 matches found
Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure
Description: The plugin does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status, e.g. draft, private, pending review, password-protected, and trashed posts. 1. ADMIN: Install Event Tickets 2. ADMIN: Install Event Tickets Plus ...
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.7, which...
Cross-site request forgery (CSRF)
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true...
Gleez CMS Cross-Site Request Forgery Vulnerability
Gleez CMS is an extensible open source content management system (CMS) based on the Kohana framework. A cross-site request forgery vulnerability exists in Gleez CMS version 1.2.0. A remote attacker can exploit this vulnerability to create new pages and logs...
IBM WebSphere Process Server Access Restriction Bypass Vulnerability
IBM WebSphere Process Server is a business process automation engine. A security vulnerability exists in Business Space in some versions of IBM WebSphere Process Server, which can be exploited by remote attackers to bypass access restrictions and create arbitrary pages or spaces...