40 matches found
CVE-2025-14822 DoS from quadratic complexity in model.ParseHashtags
Mattermost versions 10.11.x = 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens...
CVE-2025-14822
Mattermost versions 10.11.x = 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens...
CVE-2025-14822 DoS from quadratic complexity in model.ParseHashtags
Mattermost versions 10.11.x = 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens...
CVE-2025-14822
Mattermost contains a vulnerability (CVE-2025-14822) affecting versions 10.11.x up to 10.11.8 where input size is not validated before processing hashtags. An authenticated attacker can exhaust CPU resources with a single HTTP POST containing thousands of space-separated tokens in a post, leading...
PT-2026-3241
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.0 through 10.11.8 Description Mattermost versions 10.11.x up to and including 10.11.8 do not properly validate the size of input before processing hashtags. This allows an authenticated attacker to consume excessive C...
TikTok: Using Branded Hashtag Feature User Partnered with Account Manager Can View Videos Uploaded By A Private TikTok Account If 'item_id' Is Known
The branded hashtag feature on TikTok allowed users partnered with an account manager to view videos uploaded by private accounts if the video ID was known. This vulnerability has been remediated...
Announcing the Eighth Annual Flare-On Challenge
The FLARE team is once again hosting its annual Flare-On challenge, now in its eighth year. Take this opportunity to enjoy some extreme social distancing by solving fun puzzles to test your mettle and learn new tricks on your path to reverse engineering excellence. The contest will begin at 8:00...
Reddit: [dubsmash] Long String in 'shoutout' Parameter Leading Internal server Error on Popular hastags , Community and User Profile
Summary: If the user input a long string in the 'shoutout' parameter of the 'CreateVideo' API then all the APIs where this video is supposed to appear eg: hashtag API, community API, and user profile API will throw 'internal server error' in the response. This will cause a denial of service attac...
TwitWork - Monitor Twitter Stream
Monitor twitter stream. TwitWork use the twitter stream which allows you to have a tweets in real-time. There is an input that allows you to filter the flow on one or more keywords or on an @ based on twitter tracking Demo This is a demo of export data on keyword "Coronavirius"...
hashtag-pizza.fr Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1096527 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
hashtag-me.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-991291 Security Researcher geeknik Helped patch 8887 vulnerabilities Received 8 Coordinated Disclosure badges Received 21 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting hashtag-me.com website and...
Announcing the Sixth Annual Flare-On Challenge
The FireEye Labs Advanced Reverse Engineering FLARE team is thrilled to announce that the popular Flare-On reverse engineering challenge will return for the sixth straight year. The contest will begin at 8:00 p.m. ET on Aug. 16, 2019. This is a CTF-style challenge for all active and aspiring...
Twitter-Intelligence - Twitter Intelligence OSINT Project Performs Tracking And Analysis Of The Twitter
A project written in Python to twitter tracking and analysis without using Twitter API. Prerequisites This project is a Python 3.x application. The package dependencies are in the file requirements.txt. Run that command to install the dependencies. pip3 install -r requirements.txt Database SQLite...
Announcing the Fifth Annual Flare-On Challenge
The FireEye Labs Advanced Reverse Engineering FLARE team’s annual reverse engineering challenge will start at 8:00 p.m. ET on Aug. 24, 2018. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security professionals. So dust off your disassembler, pu...
Announcing the Fourth Annual Flare-On Challenge
The fourth annual Flare-On Challenge – the FireEye Labs Advanced Reverse Engineering FLARE team’s yearly reverse engineering contest – is scheduled to kick off on Sept. 1, 2017, at 8pm ET. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security...
Announcing the Fourth Annual Flare-On Challenge
The fourth annual Flare-On Challenge – the FireEye Labs Advanced Reverse Engineering FLARE team’s yearly reverse engineering contest – is scheduled to kick off on Sept. 1, 2017, at 8pm ET. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security...
[HashTag] Password Hash Type Identification (Identify Hashes)
HashTag.py is a Python script written to parse and identify the password hash type used. HashTag supports the identification of over 250 hash types along with matching them to over 110 hashcat modes use the command line switch -hc to output the hashcat modes. It is also able to identify a single...
WordPress Social Hashtag 2.0.0 Cross Site Scripting
Exploit Title: WordPress Social Hashtag 2.0.0 Cross Site Scripting Date: 2013 2 October Author: Arsan Software Link: http://wordpress.org/plugins/social-hashtags/ Version : 2.0.0 Tested on: Linux & Windows Category: webapps + Exploit : - Description : 1 Download "Social Hashtag" And Install 2 Go...
ABC hacked after anti-Islam politician Interview
The Australian Broadcasting Corporation ABC is investigating data breach after Lateline interviewed Dutch anti-Islam politician Geert Wilders. A hacker going by the handle "Phr0zenMyst" has claimed to have hacked a web site associated with the ABC television program Making Australia Happy, leakin...
Security update 1970-01-01
...