Lucene search

1149 matches found

NVD
added 2020/12/09 7:15 p.m. | 17 views

CVE-2020-26257

Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a /send_join, /send_leave, /invit...

CVSS 6.5 | AI score 6.5 | EPSS 0.02363
Exploits: 0 | References: 6
UbuntuCve
added 2020/12/09 7:15 p.m. | 21 views

CVE-2020-26257

Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a /send_join, /send_leave, /invit...

CVSS 6.5 | AI score 6.9 | EPSS 0.02363
Exploits: 0 | References: 5
Prion
added 2020/12/09 7:15 p.m. | 18 views

Design/Logic Flaw

Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a /send_join, /send_leave, /invit...

CVSS 4 | AI score 6.3 | EPSS 0.02363
Exploits: 0 | References: 6 | Affected Software: 2
Cvelist
added 2020/12/09 6:25 p.m. | 28 views

CVE-2020-26257 Denial of service attack via incorrect parameters to federation APIs

Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a /send_join, /send_leave, /invit...

CVSS 6.5 | AI score 6.4 | EPSS 0.02363
Exploits: 0 | References: 6
CVE
added 2020/12/09 6:25 p.m. | 109 views

CVE-2020-26257

CVE-2020-26257 affects Matrix Synapse, the Matrix homeserver. A malicious or poorly-implemented homeserver can inject malformed events by specifying a different room_id in the path of /send_join, /send_leave, /invite, or /exchange_third_party_invite, leading to a denial of service where future fe...

CVSS 6.5 | AI score 6.6 | EPSS 0.02363
Exploits: 0 | References: 6 | Affected Software: 1
AlpineLinux
added 2020/12/09 6:25 p.m. | 33 views

CVE-2020-26257

Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a /send_join, /send_leave, /invit...

CVSS 6.5 | AI score 6.7 | EPSS 0.02363
Exploits: 0
Debian CVE
added 2020/12/09 6:25 p.m. | 22 views

CVE-2020-26257

Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a /send_join, /send_leave, /invit...

CVSS 6.5 | AI score 6.6 | EPSS 0.02363
Exploits: 0
Veracode
added 2020/12/06 3:5 a.m. | 20 views

Injection

Google Chrome is vulnerable to injection attacks. The vulnerability existed because of an incorrect object type assumption in SVG in Google Chrome which allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

CVSS 8.8 | AI score 3.3 | EPSS 0.01794
Exploits: 0 | References: 10 | Affected Software: 1
CNVD
added 2020/11/24 12:0 a.m. | 1 view

SQL Injection Vulnerability in the Backend Management System of Wastoduo

Nanjing Jiuzhe Software Technology Co., Ltd. business scope includes: software development, technical services, technical consulting services, technology transfer and so on. There is a SQL injection vulnerability in the backend management system of Waste DuoDuo. Attackers can utilize the...

AI score 7.9
Exploits: 0
CNVD
added 2020/11/05 12:0 a.m. | 2 views

BookStack Cross-Site Scripting Vulnerability (CNVD-2020-61018)

BookStack is an open source wiki documentation platform built with PHP and Laravel by the BookStackApp team. A security vulnerability exists in versions of BookStack prior to 0.30.4, which allows an attacker to insert JavaScript code or meta tags into a page, which could result in...

CVSS 8.7 | AI score 7.1 | EPSS 0.01083
Exploits: 0 | References: 1
OpenVAS
added 2020/10/23 12:0 a.m. | 17 views

Ubuntu: Security Advisory (USN-4598-1)

The remote host is missing an update for the...

CVSS 7.4 | AI score 7.5 | EPSS 0.02393
Exploits: 1 | References: 2
CNVD
added 2020/10/22 12:0 a.m. | 2 views

SQL Injection Vulnerability in YouDianCMS v9.0

The YouDian enterprise website management system, abbreviated as YouDianCMS, combines a desktop site, mobile site, WeChat, app and mini program in one system, with shared space and data synchronization. It is a domestic open source five-sites-in-one enterprise site-building solution...

AI score 7.8
Exploits: 0
Tenable Nessus
added 2020/10/22 12:0 a.m. | 35 views

Ubuntu 16.04 LTS : LibEtPan vulnerability (USN-4598-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4598-1 advisory. It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response...

CVSS 7.4 | AI score 7.4 | EPSS 0.02393
Exploits: 1 | References: 2
NCSC
added 2020/10/15 12:0 a.m. | 3 views

Vulnerability fixed in Rapid7 Nexpose

Rapid7 has fixed a vulnerability in Nexpose. The vulnerability potentially allows a local malicious person to perform a SQL injection attack that could gain access to sensitive data or manipulate data. Rapid7 has released updates to fix the vulnerability in Nexpose 6.6.49. For more...

CVSS 8.1 | AI score 6.9 | EPSS 0.01123
Exploits: 0
Tenable Nessus
added 2020/10/05 12:0 a.m. | 33 views

Ubuntu 18.04 LTS : Yaws vulnerabilities (USN-4569-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4569-1 advisory. It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity (XXE)...

CVSS 10 | AI score 8.8 | EPSS 0.17374
Exploits: 4 | References: 3
Ubuntu
added 2020/09/22 11:17 a.m. | 79 views

USN-4528-1: Ceph vulnerabilities

Adam Mohammed discovered that Ceph incorrectly handled certain CORS ExposeHeader tags. A remote attacker could possibly use this issue to perform an HTTP header injection attack. (CVE-2020-10753) Lei Cao discovered that Ceph incorrectly handled certain POST requests with invalid tagging XML. A remo...

CVSS 7.5 | AI score 7.1 | EPSS 0.02654
Exploits: 0
Tenable Nessus
added 2020/08/31 12:0 a.m. | 47 views

Amazon Linux AMI : rubygem-json (ALAS-2020-1423)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1423 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but doe...

CVSS 7.5 | AI score 7.2 | EPSS 0.06811
Exploits: 0 | References: 3
Tenable Nessus
added 2020/07/23 12:0 a.m. | 29 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Evolution Data Server vulnerability (USN-4429-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4429-1 advisory. It was discovered that Evolution Data Server incorrectly handled STARTTLS when using SMTP and POP3. A remote attacker could possibly use...

CVSS 5.9 | AI score 7 | EPSS 0.02808
Exploits: 1 | References: 2
Ubuntu
added 2020/07/22 12:3 p.m. | 70 views

USN-4429-1: Evolution Data Server vulnerability

It was discovered that Evolution Data Server incorrectly handled STARTTLS when using SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack...

CVSS 5.9 | AI score 7 | EPSS 0.02808
Exploits: 1
Packet Storm
added 2020/07/14 12:0 a.m. | 304 views

Apartment Visitors Management System Project 1.0 SQL Injection

Exploit Title: Apartment Visitors Management System Project 1.0 - Authentication Bypass Date: 2020-07-14 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

AI score 0.9
Exploits: 0