Lucene search
K

213 matches found

CVE
CVE
added 2021/11/02 6:55 a.m.79 views

CVE-2021-25973

Affected software: Publify (versions 9.0.0.pre1–9.2.4). Vulnerability type: Improper Access Control allowing a guest user to self-register even when the admin disallows it, resulting from front-end restriction rather than server-side controls. Impact (as described): Guest users can create account...

6.5CVSS6.3AI score0.008EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2021/11/02 6:55 a.m.9 views

CVE-2021-25973 Publify - Improper Authorization Leads to Guest Signup Restriction Bypass

In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only...

6.5CVSS6.7AI score0.008EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/11/02 12:0 a.m.4 views

PT-2021-16897 · Publify · Publify

Name of the Vulnerable Software and Affected Versions: Publify versions 9.0.0.pre1 through 9.2.4 Description: The issue is related to Improper Access Control, where guest role users can self-register even when the admin does not allow it. This occurs due to the restriction being only at the...

6.5CVSS6.1AI score0.008EPSS
Exploits0References9
CNNVD
CNNVD
added 2021/11/02 12:0 a.m.5 views

Publify 授权问题漏洞

Publify is a simple but full-featured web publishing software. Publify suffers from a security vulnerability that stems from a lack of effective permissions licensing and access control measures on a networked system or product...

6.5CVSS6.4AI score0.008EPSS
Exploits0References3
Huntr
Huntr
added 2021/10/11 9:10 a.m.10 views

Improper Authorization in publify/publify

Description I found an IDOR in publify But I don't know this is intended or not ? If we assume that admins or publishers want to upload a media file and don't want to publish it and keep it private until the publish date there is a IDOR vulnerability here. for example I upload a .gif file and thi...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/10/09 10:14 a.m.8 views

Cross-Site Request Forgery (CSRF) in publify/publify

Description An attacker is able to craft an URL with special parameters, what contains the theme switching command. Upon sending the malicious link to a logged-in administrator, the theme is being changed. Proof of Concept With an admin user, simply open the following URL please replace the...

6.9AI score
Exploits0
Huntr
Huntr
added 2021/10/08 4:12 p.m.8 views

in publify/publify

Description publify does not use secure Cache-Control headers. Proof of Concept 1: Login to application 2: click on admin link https://demo-publify.herokuapp.com/admin 3: Logout 4: Press the back button of the opened tab to still see that you can view the information . Impact This issue is capabl...

Exploits0References1
NVD
NVD
added 2020/01/09 2:15 p.m.20 views

CVE-2014-3211

Publify before 8.0.1 is vulnerable to a Denial of Service attack...

7.5CVSS7.5AI score0.01083EPSS
Exploits0References1
Prion
Prion
added 2020/01/09 2:15 p.m.12 views

Denial of service

Publify before 8.0.1 is vulnerable to a Denial of Service attack...

5CVSS7AI score0.01083EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/01/09 1:13 p.m.52 views

CVE-2014-3211

CVE-2014-3211 affects Publify prior to 8.0.1, with a Denial of Service vulnerability. Remediation per PT-2020-7645 and Red Hat entries is to upgrade to version 8.0.1 or later; no exploit details are provided in the documents.

7.5CVSS7.4AI score0.01083EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/01/09 1:13 p.m.23 views

CVE-2014-3211

Publify before 8.0.1 is vulnerable to a Denial of Service attack...

7.5AI score0.01083EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/01/09 12:0 a.m.4 views

PT-2020-7645 · Publify · Publify

Name of the Vulnerable Software and Affected Versions: Publify versions prior to 8.0.1 Description: The issue allows for a Denial of Service attack. Recommendations: For versions prior to 8.0.1, update to version 8.0.1 or later to resolve the issue...

7.5CVSS7.2AI score0.01083EPSS
Exploits0References5
RubySec
RubySec
added 2020/01/09 12:0 a.m.11 views

Publify vulnerable to DoS attack

Publify before 8.0.2 is vulnerable to a Denial of Service attack...

7.5CVSS6.8AI score0.01083EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder