Kunal Mehta

5 exploits, active since Sep 2015
CVE-2021-33038 WRITEUP HIGH
HyperKitty <1.3.4 - Info Disclosure
An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3.
CVSS 7.5
CVE-2021-34337 WRITEUP MEDIUM
Mailman Core <3.3.5 - Info Disclosure
An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.
CVSS 6.3
CVE-2021-40347 WRITEUP MEDIUM
GNU Mailman Postorius <1.3.5 - Info Disclosure
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place.
CVSS 5.4
CVE-2015-6727 WRITEUP
MediaWiki < 1.23.9 - Information Disclosure
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
CVE-2022-4563 WRITEUP HIGH
Freedom of the Press SecureDrop - Symlink Following
A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical. The issue affects some unknown functionality of the file gpg-agent.conf. The manipulation leads to symlink following. The attack requires local access. The name of the patch is b0526a06f8ca713cce74b63e00d3730618d89691. It is recommended to apply the patch to fix this issue. The identifier of this vulnerability is VDB-215972.
CVSS 7.8