Weak Password Vulnerability in IMWorks Instant Messaging Software
The official version of IMWorks enterprise instant messaging software is an instant messaging tool launched for enterprise informatization that can help users build a LAN intranet. IMWorks instant messaging software has a weak password vulnerability that can be exploited by attackers to obtain sensitive...
CVE-2021-24334
The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings (/wp-admin/upload.php?page=instant-images), only validating them client side before saving them, leading to a Stored...
Cross site scripting
The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings (/wp-admin/upload.php?page=instant-images), only validating them client side before saving them, leading to a Store...
CVE-2021-24334
The CVE concerns the WordPress plugin Instant Images – One Click Unsplash Uploads,
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress Plugin is an open source application plugin for WordPress. Instant Images - One Click Unsplash Uploads A security...
Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment
Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. Today, the Phorpiex...
The vulnerability of Adobe Connect’s instant messaging program, related to the lack of protective measures for the website structure, allows a hacker to execute arbitrary JavaScript code in the user’s browser.
The vulnerability of the Adobe Connect instant messaging program relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
The vulnerability of the Adobe Connect instant messaging program, related to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the Adobe Connect instant messaging program is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code within the administrator account’s context...
The vulnerability of Adobe Connect’s instant messaging program, related to the lack of protective measures for the website structure, allows a hacker to execute arbitrary JavaScript code in the user’s browser.
The vulnerability of Adobe Connect’s instant messaging service is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
CVE-2021-29471
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including event_match, which matches event...
CVE-2021-29471 Denial of service in Matrix Synapse
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including event_match, which matches event...
CVE-2021-1363
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted...
Trend Micro IM Security Authorization Issue Vulnerability
Trend Micro IM Security is an instant messaging security solution from Trend Micro. The product supports malware scanning, content filtering, URL filtering, file blocking and data loss prevention. An authorization issue vulnerability exists in Instant Messaging Security versions prior to 1.6 CP3...
SQL Injection Vulnerability in Budget Instant Audit System of Beijing Zhongke Shangxin Technology Co., Ltd.
Beijing Zhongke Shangxin Technology Co., Ltd. is the pioneer of comprehensive budget informatization solution for domestic enterprises, creating enterprise financial management platform software and mobile reimbursement bill of lading. A SQL injection vulnerability exists in the Budget Instant Audit System of Beijing Zhongke Shangxin...
WordPress Instant Images – One Click Unsplash Uploads plugin <= 4.4.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress Instant Images – One Click Unsplash Uploads plugin (versions <= 4.4.0). Solution: Update the WordPress Instant Images – One Click Unsplash Uploads plugin to the latest available version (at least 4.4.0.1)...
The vulnerability of the backup function for momentary database snapshots in MongoDB Cloud Manager, MongoDB Ops Manager, MongoDB Atlas Legacy Backups, and the document-oriented database management system MongoDB allows a hacker to trigger a service failure.
The vulnerability of the backup function for instant snapshots of MongoDB Cloud Manager, MongoDB Ops Manager, MongoDB Atlas Legacy Backups, and document-oriented database management systems is related to improper handling of conflicting special elements. Exploiting this vulnerability can allow an...
There are multiple vulnerabilities in BlueLine OA
BlueLine OA Office System is an OA office tool for instant office communication. There are multiple vulnerabilities in BlueLine OA that can be exploited by attackers to gain control of the server...
PYSEC-2021-25
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...
Design/Logic Flaw
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...