2283 matches found
Information disclosure
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same...
CVE-2021-30478
Summary: CVE-2021-30478 affects Zulip Server before 3.4. A bug in the can_forge_sender permission (formerly is_api_super_user) allows users with that permission to send messages that appear to come from a system bot, including to other organizations on the same Zulip deployment. The issue is root...
Bad Bot Report 2021: The Pandemic of the Internet
The 8th Annual Bad Bot Report is now available from Imperva. Created using data from Imperva’s Threat Research Lab, it provides a comprehensive look at the bad bot landscape and the impact that this malicious traffic has across multiple industries. Bad bot traffic amounted to 25.6 percent of all...
Improper Input Validation
sopelpluginschannelmgnt suffers from improper input validation. The issue causes the removal of the bot to be allowed when multiple users are specified to be kicked/banned at once using the , or delimiters...
CVE-2021-21433
Discord Recon Server is a bot that allows you to run your reconnaissance process from your Discord. Remote code execution in version 0.0.1 would allow remote users to execute commands on the server, resulting in serious issues. This flaw is patched in 0.0.2...
CVE-2021-21433
CVE-2021-21433 concerns the Discord Recon Server bot. Multiple sources confirm a remote code execution vulnerability in version 0.0.1 that would allow remote attackers to execute commands on the server. The issue is mitigated by upgrading to 0.0.2. The connected documents consistently describe t...
CVE-2021-21431
sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from oth...
PYSEC-2021-58
sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from oth...
CVE-2021-21431
The CVE-2021-21431 entry affects the sopel-channelmgnt plugin for Sopel. In versions prior to 2.0.1, on some IRC servers, the ability to remove the bot via kick/kickban could be bypassed when kicking multiple users at once. There is also a belief that removing users from other channels might have...
Alert — There's A New Malware Out There Snatching Users' Passwords
A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed "Saint Bot," the malware is said to have first appeared on the scene in January 2021, with indications that it's under active developmen...
PT-2021-14503 · Unknown · Sopel-Channelmgnt
Name of the Vulnerable Software and Affected Versions: sopel-channelmgnt versions prior to 2.0.1 Description: The issue concerns the sopel-channelmgnt plugin for sopel, where restrictions around the removal of the bot using the kick/kickban command could be bypassed on some IRC servers when kicki...
A deep dive into Saint Bot, a new downloader
This post was authored by Hasherezade with contributions from Hossein Jazi and Erika Noerenberg. In late March 2021, Malwarebytes analysts discovered a phishing email with an attached zip file containing unfamiliar malware. Contained within the zip file was a PowerShell script masquerading as a li...
PYSEC-2021-111
projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...
Web Application Firewalls Instrumental in Digital-First Banking
Like many industries, the banking and insurance sectors have shifted their resources to be digital-first, all the more so since the start of the global pandemic. For today’s customers, who increasingly begin their banking experiences using digital channels, whether online or mobile, a digital-fir...
Authentication Bypass
microsoft.bot.connector is vulnerable to authentication bypass. An attacker is able to bypass authentication using a malicious claim that is incorrectly authenticated by the bot. The vulnerability affects bots that are not configured to be used as a Skill and requires an attacker to have...
GHSA-CQFF-FX2X-P86V botframework-connector vulnerable to Improper Authentication
Impact: A maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot. Patches: The problem has been patched in all affected versions. Please see the...
GHSA-QXX8-292G-2W66 Improper Authentication
Impact: A maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot. Patches: The problem has been patched in all affected versions. Please see t...