Lucene search
+L

269 matches found

CNNVD
CNNVD
added 2022/09/23 12:0 a.m.6 views

Rocket.Chat 安全漏洞

Rocket.Chat is an open source team chat software. Chat suffers from an elevation of privilege vulnerability that stems from improper privilege management in the application, which can be exploited by any authenticated attacker to gain elevated privileges to view direct messages without proper...

4.3CVSS7.1AI score0.00647EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.5 views

Rocket.Chat 信息泄露漏洞

Rocket.Chat is an open source team chat software. A message disclosure vulnerability exists in Rocket.Chat versions prior to 5.0, which stems from the getUserMentionsByChannel meteor server method disclosing messages from private channels and direct messages, regardless of the user's access right...

6.5CVSS6.4AI score0.00786EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/09/23 12:0 a.m.5 views

PT-2022-21159 · Unknown · Rocket.Chat

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 5 Description: An information disclosure issue exists due to the getUserMentionsByChannel meteor server method, which discloses messages from private channels and direct messages regardless of the user's access...

6.5CVSS6.2AI score0.00786EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/09/23 12:0 a.m.5 views

PT-2022-22656 · Unknown · Rocket.Chat

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 5 Description: A information disclosure issue exists where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the user's access permission...

4.3CVSS4.6AI score0.00632EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2022/09/05 6:15 a.m.2 views

CVE-2022-39840

Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message DM...

4.8CVSS5.8AI score0.00411EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/09/05 12:0 a.m.5 views

PT-2022-25031 · Unknown · Cotonti Siena

Name of the Vulnerable Software and Affected Versions: Cotonti Siena version 0.9.20 Description: The issue allows admins to conduct stored XSS attacks via a direct message DM. Recommendations: For Cotonti Siena version 0.9.20, update to a version that fixes this issue, as using direct messages fo...

4.8CVSS4.7AI score0.00411EPSS
Exploits1References4
OSV
OSV
added 2022/06/21 7:0 p.m.8 views

CVE-2022-31095 Exposure of Sensitive Information in discourse-chat

discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily...

4.3CVSS6.8AI score0.00542EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/06/21 12:0 a.m.8 views

PT-2022-20523 · Discourse · Discourse-Chat

Name of the Vulnerable Software and Affected Versions: discourse-chat versions prior to 0.4 Description: The issue affects the discourse-chat plugin for the Discourse application, allowing an attacker who knows the message ID for a channel they do not have access to, to view that message using th...

6.5CVSS6.4AI score0.00542EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/16 12:0 a.m.7 views

Haraj v3.7 跨站脚本漏洞

A cross-site scripting vulnerability exists in Haraj v3.7, a buying and selling platform from Haraj Saudi Arabia. The vulnerability stems from a lack of data validation filtering of user-supplied data and output in some DM components. An attacker could exploit this vulnerability to execute...

5.4CVSS5.6AI score0.01149EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2022/06/13 7:42 p.m.6 views

Exploit for Cross-site Scripting in Angtech Haraj

CVE-2022-31300 Haraj Script 3.7 - DM Section Authenticated Sto...

5.4CVSS5.9AI score0.01149EPSS
Exploits1
Hacker One
Hacker One
added 2021/11/25 3:0 p.m.27 views

Rocket.Chat: getUserMentionsByChannel leaks messages with mention from private channel

Summary The getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room. Description When calling the getUserMentionsByChannel method, the server does not check the users access to the given room...

4CVSS1.9AI score0.00786EPSS
Exploits2
Hacker One
Hacker One
added 2021/04/04 2:33 p.m.59 views

X (Formerly Twitter): Bypass t.co link shortener in Twitter direct messages

The researcher demonstrated a way to create a link that will not be replaced with safe shortened t.co url, by sending Direct Messages containing more than 50 t.co links to another Twitter user. If the recipient views the message using Twitter’s Android app, and clicks the 51st link in the...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2020/08/05 9:36 p.m.57 views

Twitter Fixes High-Severity Flaw Affecting Android Users

Twitter has fixed a vulnerability in its Android app, which could have enabled attackers to access private Twitter data, like direct messages DMs on Android devices. The flaw is related to an underlying Android operating system OS security issue CVE-2018-9492, which affects operating system...

7.2CVSS7.6AI score0.00188EPSS
Exploits0References15
Hacker One
Hacker One
added 2020/07/07 1:23 p.m.29 views

Rocket.Chat: It is possible to elevate privileges for any authenticated user to view permissions matrix and view Direct messages without appropriate permissions.

Description: ===================== For the user with "View Private Room" permission only it is possible to rewrite permission role e.g. to admin in /api/v1/me method response via some proxy tools e.g. Charles and get access to servers permissions matrix and view Direct messages. Releases Affected...

4CVSS0.4AI score0.00647EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2020/06/19 12:0 a.m.6 views

PT-2020-14019 · Mattermost · Mattermost Server

Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 5.19.0 Description: An issue was discovered that allows attackers to rename a channel and cause a collision with a direct message. Recommendations: For versions prior to 5.19.0, update to version 5.19.0 or...

7.5CVSS7.4AI score0.0094EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/06/19 12:0 a.m.5 views

PT-2020-14008 · Mattermost · Mattermost Server

Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 5.23.0 Description: An issue allows attackers to cause a denial of service, specifically an infinite loop, by exploiting automatic direct message replies. Recommendations: For versions prior to 5.23.0, upda...

7.5CVSS7.5AI score0.01114EPSS
Exploits0References6
Hacker One
Hacker One
added 2020/01/28 11:8 a.m.73 views

X (Formerly Twitter): iOS app crashed by specially crafted direct message reactions

Summary: iOS app crashed by specially crafted direct message reactions Description: Twitter does not properly sanitize direct message reactions, making it possible for arbitrary reaction text to be shown to the user via the message preview in the direct message list. Special characters such as \r...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2019/11/25 3:53 p.m.8 views

Slack: DoS on the Direct Messages

In November 2019, @cyanpiny alerted us to a vulnerability that could have allowed an attacker to cause a denial of service for Slack users. We implemented a fix within weeks, and nothing further is required from users to be protected. Thank you to @cyanpiny for finding this!...

4.6AI score
Exploits0
Hacker One
Hacker One
added 2018/11/06 10:4 a.m.19 views

X (Formerly Twitter): Incorrect details on OAuth permissions screen allows DMs to be read without permission

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: The OAuth screen can be tricke...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2018/09/22 10:44 a.m.3 views

Twitter API Flaw Exposed Users Messages to Wrong Developers For Over a Year

The security and privacy issues with APIs and third-party app developers are something that's not just Facebook is dealing with. A bug in Twitter's API inadvertently exposed some users' direct messages DMs and protected tweets to unauthorized third-party app developers who weren't supposed to get...

6.5AI score
Exploits0
Rows per page
Query Builder