CVE-2024-12767 BuddyBoss platform < 2.7.60 - Private Comment Exposure via IDOR
The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts...
WordPress plugin buddyboss-platform security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
SUSE CVE-2014-1571
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template...
DEBIAN-CVE-2020-25286
In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public...
HackerOne: Team object in GraphQL disclosed private_comment
Summary: Hi Team, Some private I think part of GraphQL reveals to us Steps To Reproduce Without authorization 1. https://hackerone.com/graphql POST: "query":"query nodeid: \"gid://hackerone/SurveyRatingItem/█████\" ... on...
Vimeo: Insecure Direct Object References that allows to read any comment (even if it should be private)
Dear Vimeo Team, in combination with my previous bug I discovered that it was possible to read any comment on any video even if the video is private: I did a short POC on the Insecure Direct Object Reference. If an attacker wants to exploit this issue he has to know the ID of the comment, which...
Bugzilla < 4.0.15 / 4.2.11 / 4.4.6 / 4.5.6 Multiple Vulnerabilities
Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15
Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: The 'realname' parameter is not correctly filtered on user account creation, which could lead to user data override. Several...
MGASA-2014-0412 Updated bugzilla packages fix security vulnerabilities
Updated bugzilla packages fix security vulnerabilities: If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group CVE-2014-1571. An attacker creating a new Bugzil...
CVE-2006-1437
UPOINT @1 Event Publisher stores sensitive information under the web document root with insufficient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt...
Design/Logic Flaw
UPOINT @1 Event Publisher stores sensitive information under the web document root with insufficient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt...
CVE-2004-1634
showbug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information...