21 matches found
CVE-2010-0215
ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and 1 delete an attachment or 2 subscribe to an object, via a crafted URL...
CVE-2022-50590
SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...
CVE-2022-50590
SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...
CVE-2022-50590
SuiteCRM prior to 7.12.6 has a type confusion flaw in the deleteAttachment module parameter handling. This allows remote, unauthenticated attackers to alter database objects, including changing the administrator’s email. The issue affects SuiteCRM versions before 7.12.6; fixes are provided in 7.1...
EUVD-2023-1855
Malicious code in bioql PyPI...
CVE-2024-9067
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteattachment' function in all versions up to, and including, 1.3.0. This makes i...
CVE-2023-35157
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited only if the attacker knows the CSRF token of t...
CVE-2024-9067
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteattachment' function in all versions up to, and including, 1.3.0. This makes i...
CVE-2024-9067
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteattachment' function in all versions up to, and including, 1.3.0. This makes i...
CVE-2024-9067 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Missing Authorization to Arbitrary (Subscriber+) Attachment Deletion
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteattachment' function in all versions up to, and including, 1.3.0. This makes i...
WordPress plugin Youzify 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-39402 · WordPress · Youzify
Name of the Vulnerable Software and Affected Versions: The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress versions up to, and including, 1.3.0 Description: The issue allows authenticated attackers with Subscriber-level access and above to delete...
WordPress plugin Product Designer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Plugin Advanced Classifieds & Directory Pro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Cross site request forgery (csrf)
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited only if the attacker knows the CSRF token of t...
CVE-2023-35157
CVE-2023-35157 affects XWiki Platform. The vulnerability is a cross-site scripting (XSS) flaw triggered by forging a request to the delete attachment action with a crafted attachment name. Exploitation requires either the attacker to know the victim’s CSRF token or the user ignoring CSRF warnings...
CVE-2023-0335
The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment...
WordPress Arbitrary Code Execution Vulnerability
WordPress is a blogging platform developed using the PHP language. Users can set up their own websites on servers that support PHP and MySQL databases, or use WordPress as a content management system CMS. An arbitrary code execution vulnerability exists in WordPress 4.9.6 and earlier versions. Th...
PT-2011-1360 · A51 · Activecollab
Name of the Vulnerable Software and Affected Versions: ActiveCollab versions prior to 2.3.2 Description: The issue allows remote authenticated users to bypass intended access restrictions. This can lead to unauthorized actions such as deleting an attachment or subscribing to an object, which can ...
CVE-2006-0120
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service application crash via multiple vectors, involving 1 a malformed message sent to an "Out Of Office" agent SPR LPEE6DMQWJ, 2 the compact command RTIN5U2SAJ, 3 malforme...