PT-2023-32050 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information. Recommendations: At the momen...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from a failure to properly check the creator of an attachment when adding it to a draft post, which could lead to information disclosure...
PageLayer < 1.7.8 - Author+ Stored XSS
Description The plugin doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code. - As a user with Author+ capabilities, create a new post draft - Save it, then edit it using the PageLayer page builder - Navigate to the...
PageLayer < 1.7.8 - Author+ Stored XSS
Description The plugin doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code. PoC - As a user with Author+ capabilities, create a new post draft - Save it, then edit it using the PageLayer page builder - Navigate to...
CVE-2023-38706
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server...
Discourse Security Breach
Discourse is an open source community discussion platform. The platform includes features such as communities, e-mail and chat rooms. A security vulnerability exists in Discourse, which stems from a vulnerability that allows an attacker to create an unlimited number of drafts by using a long draf...
SUSE CVE-2023-4875
Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12...
DEBIAN-CVE-2023-4875
Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12...
AZL-28699 CVE-2023-4875 affecting package mutt for versions less than 2.2.12-1
Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12...
CVE-2023-4875
Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12...
CVE-2023-4875 Undefined Behavior for Input to API in Mutt
Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12...
Mutt Code Issues Vulnerabilities
Mutt is a text-based mail client for Unix-like systems developed by Michael Elkins. A security vulnerability exists in Mutt due to a null pointer dereference when composing a specially crafted draft message...
CVE-2023-4740
A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=email/api/delDraft&archiveId=0 of the component Delete Draft Handler. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2023-4740 IBOS OA Delete Draft delDraft&archiveId=0 sql injection
A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=email/api/delDraft&archiveId=0 of the component Delete Draft Handler. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
IBOS SQL Injection Vulnerability
IBOS is a collaborative office management system. An SQL injection vulnerability exists in IBOS OA version 4.5.5. It originates from an unknown part of ?r=diary/default/del in the Delete Draft Handler component, resulting in SQL injection...
PT-2023-30443 · Ibos Oa · Ibos Oa
Name of the Vulnerable Software and Affected Versions: IBOS OA version 4.5.5 Description: A critical vulnerability was found in the Delete Draft Handler component, affecting an unknown part of the file at the endpoint "?r=email/api/delDraft&archiveId=0". The manipulation leads to SQL injection, a...
PT-2023-4937 · Mutt +9 · Mutt +9
Name of the Vulnerable Software and Affected Versions: Mutt versions 1.5.2 through 2.2.12 Description: The issue is related to a null pointer dereference when composing from a specially crafted draft message. This can potentially allow an attacker to cause a denial of service. The vulnerability i...
IBOS SQL Injection Vulnerability
IBOS is a collaborative office management system. An SQL injection vulnerability exists in IBOS OA version 4.5.5. It originates from an unknown part of ?r=email/api/delDraft&archiveId=0 in the Delete Draft Handler component and leads to SQL injection...
CVE-2023-4036
The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated user, such as a subscriber, to retrieve the title and content of arbitrary posts, including draft, private and password-protected ones...