2283 matches found
Malicious Package
Overview From https://blog.sonatype.com/sonatype-spots-more-discord-malware-in-npm?hspreview=BbDPGbfh-40737456755: The malicious packages were detected by Sonatype’s Security Research Team leveraging Sonatype’s Nexus Intelligence research service. On analyzing these packages closely, our Security...
Malicious Package
Overview From https://blog.sonatype.com/sonatype-spots-more-discord-malware-in-npm?hspreview=BbDPGbfh-40737456755: The malicious packages were detected by Sonatype’s Security Research Team leveraging Sonatype’s Nexus Intelligence research service. On analyzing these packages closely, our Security...
CVE-2021-1725
Bot Framework SDK Information Disclosure Vulnerability...
CVE-2021-1725
Bot Framework SDK Information Disclosure Vulnerability...
PYSEC-2021-422
Bot Framework SDK Information Disclosure Vulnerability...
Information disclosure
Bot Framework SDK Information Disclosure Vulnerability...
PYSEC-2021-422
Bot Framework SDK Information Disclosure Vulnerability...
CVE-2021-1725 Bot Framework SDK Information Disclosure Vulnerability
...
CVE-2021-1725
CVE-2021-1725 corresponds to a Bot Framework SDK Information Disclosure vulnerability. Connected sources show the issue in the Bot Framework’s botframework-connector component, where a malicious claim could be incorrectly authenticated when bots are not configured as a Skill. The root cause invol...
Bot Framework SDK Information Disclosure Vulnerability
...
Microsoft Bot Framework Information Disclosure Vulnerability
Microsoft Bot Framework is a development framework for building intelligent bot applications from Microsoft USA. The framework supports bots to seamlessly connect to text/messaging, Office 365 email, Skype, Slack and other services. An information disclosure vulnerability exists in the Microsoft...
KLA12040 Multiple vulnerability in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of privilege...
PT-2021-1610 · Microsoft · Bot Framework Sdk
Name of the Vulnerable Software and Affected Versions: Bot Framework SDK versions prior to the fixed version Description: The vulnerability is related to the lack of protection of service data in the Bot Framework SDK. It may allow a remote attacker to gain unauthorized access to protected...
Google Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA
A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. Researcher Nikolai Tschacher disclosed his findings in a proof-of-concept PoC of the attack on January 2. "The idea of the attack is very simple...
CVE-2020-26249
Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserve...
CVE-2020-26249
Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserve...
PYSEC-2020-98
Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserve...
PYSEC-2020-98
Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserve...
Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability
Impact A RCE exploit has been discovered in the Red Discord Bot - Dashboard Webserver: this exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserver front-end code. By abusing this exploit, it's possible to perform destructive...
GHSA-HM45-MGQM-GJM4 Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability
Impact A RCE exploit has been discovered in the Red Discord Bot - Dashboard Webserver: this exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserver front-end code. By abusing this exploit, it's possible to perform destructive...