528 matches found
CVE-2021-39163 Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable...
CVE-2021-39163
CVE-2021-39163 affects Matrix Synapse (Matrix.org) up to version 1.41.0, where unauthorised users could learn a room’s name, avatar, topic, and member count by knowing the room ID. Impact is limited to homeservers that have enable_group_creation set to true; administrators can already access this...
Telegram Cross-Site Scripting Vulnerability
Telegram is an instant messaging mobile application. version 0.6.1 of Telegram Web K Alpha is vulnerable to a cross-site scripting vulnerability that stems from the fact that Telegram Web K Alpha allows XSS to pass through document names. An attacker could exploit the vulnerability to execute...
[SECURITY] Fedora 34 Update: matrix-synapse-1.38.1-1.fc34
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
Fedora: Security Advisory for matrix-synapse (FEDORA-2021-a627cfd31e)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Weak Password Vulnerability in IMWorks Instant Messaging Software
IMworks enterprise instant messaging software official version is an instant messaging tool launched by the enterprise information, can assist users to build a LAN intranet. IMWorks instant messaging software has a weak password vulnerability that can be exploited by attackers to obtain sensitive...
Denial of Service Vulnerability in WiseFaFa Chat Tool
WiseFaFaFa Chat Tool is a free instant messaging software. It has features such as instant messaging, automatic creation of business groups and business organization structure. A denial-of-service vulnerability exists in Huicong Fafa Chat Tool, which can be exploited by attackers to cause a...
Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment
Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. Today, the Phorphiex...
Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment
Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. Today, the Phorphiex...
The vulnerability of Adobe Connect’s instant messaging program, related to the lack of protective measures for the website structure, allows a hacker to execute arbitrary JavaScript code in the user’s browser.
The vulnerability of the Adobe Connect instant messaging program relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
The vulnerability of Adobe Connect’s instant messaging program, related to the lack of protective measures for the website structure, allows a hacker to execute arbitrary JavaScript code in the user’s browser.
The vulnerability of Adobe Connect’s instant messaging service is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
The vulnerability of the Adobe Connect instant messaging program, related to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the Adobe Connect instant messaging program is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code within the administrator account’s context...
CVE-2021-29471
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...
CVE-2021-29471 Denial of service in Matrix Synapse
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...
CVE-2021-1363
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted...
Trend Micro IM Security 授权问题漏洞
Trend Micro IM Security is an instant messaging security solution from Trend Micro. The product supports malware scanning, content filtering, URL filtering, file blocking and data loss prevention. An authorization issue vulnerability exists in Instant Messaging Security versions prior to 1.6 CP3...
PYSEC-2021-25
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...
Design/Logic Flaw
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...
CVE-2021-21392
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...
CVE-2021-21392
Synapse (matrix-synapse) prior to version 1.28.0 is affected by a vulnerability where requests to user-provided domains could escape external IP restrictions on dual-stack networks due to transitional IPv6 addresses. This may allow outbound requests to internal infrastructure during federation, i...