151 matches found
Plone Information Disclosure Vulnerability (CNVD-2016-02598)
Plone is a free and open source content management system (CMS) from the US-based Plone Foundation, built on the Zope application server. An information disclosure vulnerability exists in Plone, which can be exploited by an attacker to obtain ID information for private content...
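WordPress <= 4.3.0 Privilege Escalation Vulnerability
The unauthorized operation is in the XMLRPC post-editing operation, involving the file /wp-includes/class-wp-xmlrpc-server.php, lines 5042-5327. Analysis of the key code: public function mw_editPost( $args ) { $this->escape( $args ); $post_ID = (int) $args[0]; // get the ID of the post to edit (owned by the user) $username = $args[1]; // get the username from the request XML $password = $args[2]; // get the user's password from the request XML $content_struct = $args[3]; // get from the request XML the ...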
Updated drupal package fixes security vulnerability
Incorrect cache handling exposed private content viewed by "user 1" to other, non-privileged users (CVE-2015-3231). A flaw in the Field UI module made it possible for attackers to redirect users to malicious sites (CVE-2015-3232). Due to insufficient URL validation, the Overlay module could be...
Drupal Render Cache System Information Disclosure Vulnerability
Drupal is an open source content management framework (CMF) written in PHP, consisting of a content management system (CMS) and a PHP development framework. An information disclosure vulnerability exists in the Render caching system in versions 7.x prior to Drup...
CVE-2015-3231
The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache...
UBUNTU-CVE-2015-3231
The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache...
CVE-2015-3231
Removed by vendor...
CVE-2012-3385
WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors...
Design/Logic Flaw
Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries...
CVE-2009-2077
Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries...