213 matches found
CVE-2021-25973
Affected software: Publify (versions 9.0.0.pre1–9.2.4). Vulnerability type: Improper Access Control allowing a guest user to self-register even when the admin disallows it, resulting from front-end restriction rather than server-side controls. Impact (as described): Guest users can create account...
CVE-2021-25973 Publify - Improper Authorization Leads to Guest Signup Restriction Bypass
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only...
PT-2021-16897 · Publify · Publify
Name of the Vulnerable Software and Affected Versions: Publify versions 9.0.0.pre1 through 9.2.4 Description: The issue is related to Improper Access Control, where guest role users can self-register even when the admin does not allow it. This occurs due to the restriction being only at the...
Publify 授权问题漏洞
Publify is a simple but full-featured web publishing software. Publify suffers from a security vulnerability that stems from a lack of effective permissions licensing and access control measures on a networked system or product...
Improper Authorization in publify/publify
Description I found an IDOR in publify But I don't know this is intended or not ? If we assume that admins or publishers want to upload a media file and don't want to publish it and keep it private until the publish date there is a IDOR vulnerability here. for example I upload a .gif file and thi...
Cross-Site Request Forgery (CSRF) in publify/publify
Description An attacker is able to craft an URL with special parameters, what contains the theme switching command. Upon sending the malicious link to a logged-in administrator, the theme is being changed. Proof of Concept With an admin user, simply open the following URL please replace the...
in publify/publify
Description publify does not use secure Cache-Control headers. Proof of Concept 1: Login to application 2: click on admin link https://demo-publify.herokuapp.com/admin 3: Logout 4: Press the back button of the opened tab to still see that you can view the information . Impact This issue is capabl...
CVE-2014-3211
Publify before 8.0.1 is vulnerable to a Denial of Service attack...
Denial of service
Publify before 8.0.1 is vulnerable to a Denial of Service attack...
CVE-2014-3211
CVE-2014-3211 affects Publify prior to 8.0.1, with a Denial of Service vulnerability. Remediation per PT-2020-7645 and Red Hat entries is to upgrade to version 8.0.1 or later; no exploit details are provided in the documents.
CVE-2014-3211
Publify before 8.0.1 is vulnerable to a Denial of Service attack...
PT-2020-7645 · Publify · Publify
Name of the Vulnerable Software and Affected Versions: Publify versions prior to 8.0.1 Description: The issue allows for a Denial of Service attack. Recommendations: For versions prior to 8.0.1, update to version 8.0.1 or later to resolve the issue...
Publify vulnerable to DoS attack
Publify before 8.0.2 is vulnerable to a Denial of Service attack...