Lucene search
K

10 matches found

NVD
NVD
added 2024/03/06 6:15 p.m.23 views

CVE-2024-24761

Galette is a membership management web application for non profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are per default restricted to only administrators and staff members. From configuration, it is possible to restrict to up-to-date members or to...

7.5CVSS7.5AI score0.00614EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/03/06 6:15 p.m.30 views

CVE-2024-24761

Galette is a membership management web application for non profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are per default restricted to only administrators and staff members. From configuration, it is possible to restrict to up-to-date members or to...

7.5CVSS7AI score0.00614EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 5:25 p.m.20 views

CVE-2024-24761 Galette public pages accessibility restriction

Galette is a membership management web application for non profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are per default restricted to only administrators and staff members. From configuration, it is possible to restrict to up-to-date members or to...

7.5CVSS7.4AI score0.00614EPSS
Exploits0References4
Hacker One
Hacker One
added 2022/04/30 10:25 p.m.16 views

Shopify: Collaborators and Staff members without all necessary permissions are able to create, edit and install custom apps

Summary: Custom Apps - Permissions The store owner, collaborators and staff members can create, edit and install custom apps for their shopify store. Therefor, these users need multiple permissions. The permissions View apps developed by staff and collaborators Develop apps and Manage and install...

0.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2021/06/10 5:21 p.m.94 views

Path Traversal in Django

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

4.9CVSS4.4AI score0.02737EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2021/06/08 6:15 p.m.32 views

CVE-2021-33203

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

4.9CVSS6AI score
Exploits0References5
Prion
Prion
added 2021/06/08 6:15 p.m.28 views

Directory traversal

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

4CVSS5.8AI score0.02737EPSS
Exploits0References5Affected Software2
Hacker One
Hacker One
added 2019/09/20 7:36 a.m.103 views

Shopify: Bypass report #416983 - Removed Staff members who had "Apps" permission can still modify flow app connections

The following report intends to disclose a bypass for 416983. It's been found that removed staff members who had "Apps" permission can still modify flow app connection settings due to improper authorization. Description Signed URLs generated by Shopify Flow https://apps.shopify.com/flow use a...

0.3AI score
Exploits0
Hacker One
Hacker One
added 2019/06/25 3:35 p.m.53 views

Shopify: any staff members have the ability to comment in [discounts] he/she can disable comment section it to other staff even the admin of the store

Hi, I found this cool behavior by mistake when I was testing for some GraphQL, any user have ability to comment in discounts code at discounts section can turn off comments to the other staff members include the admin/manager of the store. this happens because when the GraphQL used to create a...

0.5AI score
Exploits0
Hacker One
Hacker One
added 2015/11/03 2:49 p.m.12 views

Shopify: Staff members with no permission can access to the files, uploaded by the administrator

Staff members with no permission can access to the files, uploaded by the administrator Test 1 If the member has access only to the section Products, Inventory, & Collections 1. Go to the Products - Product Name - Description 2. Click the button - Add Image 3. In the section Uploaded images are a...

1.2AI score
Exploits0
Rows per page
Query Builder