Nextcloud: Possible to enumerate valid files in password protected shares/files drop shares as well as spam folder with files

The summary is as follows: It was possible to enumerate valid files in password protected shares and file drop shares. Additionally, it was possible to spam the folder with empty files using an attacker-controlled file name. The vulnerability existed in the DocumentAPIControllercreate method, whi...

WordPress Enqueue Anything plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

Boozt Fashion AB: Email spoofing at booztlet.com

Hello : This There is an Email Spoofing Vulnerability. Steps to reproduce: 1 Go to http://emkei.cz/ 2 Fill "From Email" field to [email protected] or any other booztlet email. 3 Fill the victim's address your address to "TO" field and fill in other details as you wish. You will receive email fro...

Veris: Email spoofing in [email protected]

Hey, I've found email spoofing vulnerability in [email protected] Issue: ======== When I try to send a fake email from [email protected] to my email [email protected] I was successful in sending a fake email to my inbox, this is an issue; because, fake mails should be sent into the 'spam' folde...