Internet Bug Bounty: CVE-2023-27534: SFTP path ~ resolving discrepancy

A vulnerability was discovered in curl's SFTP implementation that allowed the tilde character to be used as a prefix in the first element of a path, resulting in the wrong path being accessed. This could be exploited to circumvent filtering or other security measures. The vulnerability was presen...

PT-2023-16593 · WordPress · Shortcodes Ultimate

Name of the Vulnerable Software and Affected Versions: Shortcodes Ultimate WordPress plugin versions prior to 5.12.8 Description: The issue allows any authenticated users, such as subscribers, to view draft, private, or even password-protected posts. It is also possible to leak the password of...

WP Tiles <= 1.1.2 - Subscriber+ Draft/Private Post Title Disclosure

The plugin does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post. Run the below command in the...

WP Tiles <= 1.1.2 - Subscriber+ Draft/Private Post Title Disclosure

The plugin does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post. PoC Run the below command in the...

Buffer overflow

The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protecte...

Buffer overflow

The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones...

PT-2023-16518 · Optinmonster · The Popup Builder By Optinmonster

Name of the Vulnerable Software and Affected Versions: The Popup Builder by OptinMonster WordPress plugin versions prior to 2.12.2 Description: The issue allows any authenticated users, such as subscribers, to retrieve the content of arbitrary posts, including drafts, private, or password-protect...

CVE-2023-26510

Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no...

CVE-2023-26510

Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no...

PT-2023-20690 · Ghost · Ghost

Name of the Vulnerable Software and Affected Versions: Ghost version 5.35.0 Description: The issue allows contributors to view draft posts of other users, which may be inconsistent with a security policy where a contributor's draft should only be readable by editors until published. The vendor do...

CVE-2023-26510

Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no...

CVE-2023-26510

Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no...

CVE-2023-26510

Ghost 5.35.0 exposes an authorization bypass where contributors can view draft posts of other users. The root cause is described as improper authorization management, with the vendor stating this behavior has no security impact. Documented sources from Red Hat, OSV, PT Security, PRION, and NVD co...

CVE-2022-47179

Cross-Site Request Forgery CSRF vulnerability in Uwe Jacobs OWM Weather plugin = 5.6.11 leads to post duplication as a draft...

PT-2023-15221 · Uwe Jacobs · Owm Weather Plugin

Name of the Vulnerable Software and Affected Versions: Uwe Jacobs OWM Weather plugin versions 5.6.11 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability, which can lead to post duplication as a draft. Recommendations: For versions 5.6.11 and earlier,...

SUSE CVE-2006-6142

Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the 1 mailto parameter in a webmail.php, the 2 session and 3 deletedraft parameters in b compose.php, and 4 unspecified vectors involving "a...

SUSE CVE-2012-1016

The pkinitserverreturnpadata function in plugins/preauth/pkinit/pkinitsrv.c in the PKINIT implementation in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a...

SUSE CVE-2013-5645

Multiple cross-site scripting XSS vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in 1 new or 2 draft mode, related to compose.inc; and 3 might allow remote authenticated users to injec...

SUSE CVE-2014-2567

The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a 1 sent or 2 draft folder via a PREAUTH response that prevents later use of the STARTTLS comman...

SUSE CVE-2020-1767

Agent A is able to save a draft i.e. for customer reply. Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: OTRS Community Edition 6.0.x version...