7 matches found
CVE-2026-0548 Tutor LMS – eLearning and online course solution <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized attachment deletion due to a missing capability check on the deleteexistinguserphoto function in all versions up to, and including, 3.9.4. This makes it possible for authenticated attackers, wi...
EUVD-2014-5935
Malware in sbrugna...
EUVD-2020-18796
Malware in sbrugna...
CVE-2023-39973 Extension - acymailing.com - Improper Access Control in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3
Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns...
Position NFT can be spammed with insignificant positions by anyone until rewards DoS
Lines of code Vulnerability details Impact The PositionManager.memorializePositionsparams method can be called by anyone per design, see 3rd party test cases and allows insignificantly small any value 0 positions to be attached to anyone else's positions NFT, see PoC. As a result, the...
CVE-2020-11879
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as...
Ipswitch IMail 6.x - File Attachment
Ipswitch IMail 6.x - File Attachment source: https://www.securityfocus.com/bid/1617/info IPSWITCH ships a product titled IMail, an email server for usage on NT servers serving clients their mail via a web interface. To this end the IMail server provides a web server typically running on port 8383...