21 matches found
MAL-2026-1379 Malicious code in 8x8-developer-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 830ce990639483b2f7a9ea4e000d63c831e0d58c94e718a1a20add6885cb93ef The package 8x8-developer-docs was found to contain malicious code. Source: ghsa-malware...
8x8 Bounty: connect.8x8.com: Blind SSRF via /api/v2/chats/image-check allows for Internal Ports scan
A Blind SSRF vulnerability was discovered in the 8x8 Connect application's ChatApps module, which allowed for internal port scans via the /api/v2/chats/image-check API path and the url JSON parameter. The vulnerability was resolved by retiring the entire API path...
SUSE CVE-2022-37416
Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2mcfullxfully8x8...
8x8: LFI via Jolokia at https://█.█.█.█:1293
@shuvam321 reported to us a single exposed host in the acceptance environment. The report demonstrated a Local File Inclusion via Jolokia, e.g.: https://█.█.█.█:1293/actuator/jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/hostname No sensitive information has...
8x8: DLL Search-Order Hijacking Vulnerability in work-64-exe-v7.16.3-1.exe
@is- reported to us a DLL Search-Order Hijacking vulnerability in work-64-exe-v7.16.3-1.exe. Reference: https://attack.mitre.org/techniques/T1574/001/ The underlying issue was found in an older version of Squirrel.Windows. Issue Reference: https://github.com/Squirrel/Squirrel.Windows/issues/1801...
8x8: Open Redirect on https://██.8x8.com/login?nextPage=%2F
@ig420vrush reported to us an Open Redirect after login in a 3rd party referral platform. We swiftly relayed this to the vendor and their engineering team fixed the affected code, which resolved the issue...
8x8: Remote Code Execution on ██.8x8.com via .NET VSTATE Deserialization
@0daystolive reported to us a flaw in a 3rd party community platform, which could be exploited to achieve RCE. We swiftly relayed this to the vendor and their engineering team turned off the affected code, which resolved the issue. For more details about this vulnerability read:...
8x8: Hardcoded AWS credentials in ███████.msi
A hardcoded AWS access token was discovered within an MSI file available for download on the 8x8 site. The researcher was able to demonstrate access to 8x8 AWS infrastructure. The token was promptly restricted...
Unspecified Vulnerability in Jitsi Meet jitsi-meet-prosody
8X8 Docker Jitsi Meet is a tool for building Jitsi Meet videoconferencing solutions in Docker from 8x8 USA. A security vulnerability exists in jitsi-meet-prosody in versions of Jitsi Meet prior to 5026, which stems from an uncertainty in the default setting of restrictroomcreation. No detailed...
8x8: Exposed PHP dependencies at ██.8x8.com
A limited number of hosts were exposing the PHP vendor directory, which exposed names of internal packages & dependencies. The issue has been rectified...
8x8 Bounty: Any meeting chat history can be read and modified by an arbitrary user
A vulnerability existed where a JaaS user could read & modify the chat history of an 8x8 Meet conference. It was limited by the fact that the meeting UUID was required to be known. The fix was promptly deployed to production. A vulnerability in an API accessible through the jaas.8x8.vc white-labe...
8x8: Admin Reseller Account Disclosure
The vendor that handles 8x8 Resellers had inadvertently exposed account credentials. The information was removed and credentials changed. Leaked admin account of third party reseller in github with full access to all files...
8x8: xmlrpc.php file enabled
WordPress instance with xmlrpc module enabled...
8x8: Insecure OAuth redirection at [admin.8x8.vc]
The meetings admin application performed an insufficient validation of the specified redirect location during OAuth negotiation. There was an improper redirection in "admin.8x8.vc" OAuth that led to takeover of the admin.8x8.vc SSO accounts. When trying to add an admin account in admin.8x8.vc...
8x8: Reflected xss on 8x8.com subdomain
The Beta version of a new chat API was discovered to contain a reflected XSS flaw. With the help of the researcher we were able to resolve the issue and ensure the future chat product will not contain this flaw. Write-up for beginners like me.. hackwithcommunity...
8x8: XSS (Cross site scripting) on https://apimgr.8x8.com
The domain apimgr.8x8.com hosted an outdated version of WSO2 Data Analytics Server...
Hex Get 10: Hexic 6x6,7x7,8x8 - Dynamic Code Loading, External URLs, SD-card access vulnerabilities
HackApp vulnerability scanner discovered that application Hex Get 10: Hexic 6x6,7x7,8x8 published at the 'play' market has multiple vulnerabilities...
support.8x8.com XSS vulnerability
Vulnerable URL:...
[SECURITY] Fedora 17 Update: kreversi-4.10.5-1.fc17
Kreversi is a simple one player strategy game played against the computer. The playing field is an 8 by 8 square board divided into 64 squares. The game pieces used are two sided stones, where each side has its own, distinctive color. If a piece is captured by an opposing player, that piece is...
[SECURITY] Fedora 18 Update: kreversi-4.10.5-1.fc18
Kreversi is a simple one player strategy game played against the computer. The playing field is an 8 by 8 square board divided into 64 squares. The game pieces used are two sided stones, where each side has its own, distinctive color. If a piece is captured by an opposing player, that piece is...