5 matches found
BIT-GHOST-2024-34451
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers...
BIT-GHOST-2024-34448
Ghost before 5.82.0 allows CSV Injection during a member CSV export...
PT-2024-30566 · Ghost · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost versions 4.46.0 through 5.89.4
Description: The issue is related to improper authentication on some endpoints used for member actions, allowing an attacker to perform member-only actions and read member information.
Recommendations: For...
PT-2024-25902 · Ghost · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost versions prior to 5.82.0
Description: The issue allows CSV Injection during a member CSV export.
Recommendations: For Ghost versions prior to 5.82.0, update to version 5.82.0 or later to resolve the issue...
def-2001-21: Ghost Multiple DoS
======================================================================
Defcom Labs Advisory def-2001-21
Ghost Multiple DoS
Author: Peter Gründl [email protected]
Release Date: 2001-04-11
======================================================================
------------------------=Brief...