GHSA-79M3-Q3WH-C3QM Publify Incorrect Authorization
Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Anonymous users can't view but can leave comments on an article in draft mode...
PT-2022-13270 · Publify · Publify
Name of the Vulnerable Software and Affected Versions: publify/publify versions prior to 9.2.8 Description: The issue concerns improper access control in the GitHub repository publify/publify. It allows anonymous users to leave comments on articles in draft mode, even though they cannot view thes...
Publify security vulnerability
Publify is a simple but full-featured web publishing software. An access control vulnerability exists in versions of Publify prior to 9.2.8. The vulnerability stems from an access control error in draft mode, which could be exploited by an attacker to comment on articles in draft mode...
Is Leaking a SCOTUS Opinion a Crime? The Law Is Far From Clear
The leak of a draft opinion overturning Roe v. Wade quickly sparked a court investigation. Which laws may have been violated, if any, remains uncertain...
Threat Source newsletter (April 28, 2022) — The 2022 Cybersecurity Mock Draft
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter that’s going to be a little different, but bear with me. In honor of the NFL Draft starting this evening — an event that Cisco is helping to secure — I thought it’d be appropriate to look at building a... This is only...
CVE-2022-0914
The Export All URLs WordPress plugin before 4.3 does not have CSRF protection in place when exporting data, which could allow attackers to make a logged-in admin export all posts and pages, including private and draft ones, into an arbitrary CSV file, which the attacker can then download to retrieve the list of...
Moodle denial-of-service risk in the draft files area
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...
GHSA-4QXC-QXRP-33CW Moodle denial-of-service risk in the draft files area
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...
CVE-2021-32476
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...
UBUNTU-CVE-2021-32476
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...
CVE-2021-32476
CVE-2021-32476 is a denial-of-service vulnerability in Moodle related to the draft files area not enforcing user file upload limits. Affected versions include Moodle 3.10.x up to 3.10.3, 3.9.x up to 3.9.6, 3.8.x up to 3.8.8, 3.5.x up to 3.5.17 and other unsupported releases. The connected sources...
WordPress Document Embedder plugin information leakage vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language; WordPress plugins are application add-ons for WordPress. WordPress Document Embedder plugin versions prior to 1.7.5 contain an information disclosure vulnerability that could be exploited to all...
Improper Access Control in liangliangyy/djangoblog
Description: The "formvalid" function in the comments/views.py file saves user comments. However, this function doesn't check the status of the article, so users can leave comments on a draft article, or on a public article whose comment status is off. Proof of Concept - Step 1: Login as admin in...
WordPress Document Embedder plugin title enumeration vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. Document Embedder WordPress plugin prior to version 1.7.9 is vulnerable to a title enumeration vulnerability, which stems from the fact that the plugin includes an AJAX operation endpoint that can be...
CVE-2021-24868
The Document Embedder WordPress plugin before 1.7.9 contains an AJAX action endpoint, which could allow any authenticated user, such as a subscriber, to enumerate the titles of arbitrary private and draft posts...
CVE-2021-24775
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the titles of arbitrary private and draft posts...