216 matches found
Legal Robot: Token leakage by referrer
A security researcher discovered that password reset tokens were leaked to Intercom which provides our support chat interface and Google Analytics. While the time between a user clicking on a password reset link and actually resetting the password is typically quite low, there was still some risk...
Cross-Site Scripting (XSS)
intercom-rails is vulnerable to cross-site scripting XSS attacks. A malicious user can inject or execute arbitrary script by pre-appending script tags before the arbitrary script in their data...
CVE-2014-3881
Cross-site request forgery CSRF vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to hijack the authentication of arbitrary users...
CVE-2014-2006
Cross-site scripting XSS vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to hijack the authentication of arbitrary users...
CVE-2014-2006
Cross-site scripting XSS vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-3881
CVE-2014-3881 describes a CSRF vulnerability in Intercom Web Kyukincho 3.x (prior to 3.0.030) that enables an attacker to hijack the user’s authenticated actions when a logged-in user visits a malicious page. Affected product: Web Kyukincho (Intercom, Inc.) prior to 3.0.030. Root cause: cross-sit...
CVE-2014-2006
CVE-2014-2006 is a cross-site scripting (XSS) vulnerability affecting Intercom Web Kyukincho. The issue resides in Web Kyukincho V3 before 3.0.030, where an arbitrary script could be injected and executed in the user’s browser via unspecified vectors. Affected product/version: Web Kyukincho V3 (p...
CVE-2014-2006
Cross-site scripting XSS vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-3881
Cross-site request forgery CSRF vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to hijack the authentication of arbitrary users...
JVN#80006084: Web Kyukincho vulnerable to cross-site scripting
Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Update the Software Update to the latest...
Researchers Warn of Prison Hacks, Opening Cell Doors
Remote hackers springing inmates from their jail cells — it sounds like a plot lifted from an old episode of “24” or “Prison Break.” But authorities are concerned by new research that claims such an attack is feasible. Research presented at the Hacker Halted conference in Miami last month by John...
Researchers Warn of Prison Hacks, Opening Cell Doors
In news that seems like it could be lifted from an old 24 or Prison Break plotline, authorities are concerned by new research that claims hackers could remotely open the cell doors of federal prisons. In addition to staging a jailbreak, hackers could sabotage a prison’s intercom system and...
NCH Software Office Intercom SIP Invite Remote Denial of Service Vulnerability
NCH Software Office Intercom is prone to a remote denial-of-service vulnerability because it fails to properly handle specially crafted SIP INVITE requests. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
NCH Officeintercom 5.20 - Remote Denial of Service
NCH Officeintercom 5.20 - Remote Denial of Service !/usr/bin/python Exploit Title: NCH Officeintercom = v5.20 Remote Denial of Service Vulnerability Date: 11/24/2010 Author: xsploited security URL: http://www.x-sploited.com/ Contact: xsploitedsecurity at x-sploited.com Software Link:...