1121 matches found
Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command
An issue was discovered in Mattermost Server before 5.1.0. It allows attackers to cause a denial of service via the invite_people slash command...
GHSA-5MH6-P63G-3MV5 Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command
An issue was discovered in Mattermost Server before 5.1.0. It allows attackers to cause a denial of service via the invite_people slash command...
GHSA-C253-8HR4-R8V9 Mattermost Server exposes private team invite ID
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document...
Mattermost Server exposes private team invite ID
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document...
GHSA-JWFV-5HWQ-F97R Mattermost Server exposes team invite IDs through API endpoints
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints...
Mattermost Server exposes team invite IDs through API endpoints
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints...
CVE-2022-23067
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via the Referer header, which leads to account takeover. If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the Referer header. Using thes...
Design/Logic Flaw
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via the Referer header, which leads to account takeover. If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the Referer header. Using thes...
CVE-2022-23068
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail...
TikTok: Email address disclosure via invite token validation
The possibility of email address disclosure was found on a Business.TikTok.com endpoint as no rate limit was implemented on the invite token. We thank @noobbutcut3 for reporting this to our team...
Vulnerability fixed in Mattermost
A vulnerability has been fixed in Mattermost with versions lower than 6.5. Email invitations to a Mattermost channel or server are insufficiently invalidated when selected by an administrator. This allows a person to still participate in Mattermost channels even though access has been revoked aft...
Denial Of Service (DoS)
asterisk is vulnerable to denial of service (DoS) attacks. A null pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash the system when handling an SDP answer to an outgoing T.38 re-invite...
Denial Of Service (DoS)
Sangoma Asterisk is vulnerable to denial of service. The vulnerability exists because receiving a re-invite that initiates T.38 faxing with a port of 0 and no c line in the SDP results in an application crash...
Denial Of Service (DoS)
asterisk is vulnerable to denial of service. The vulnerability exists due to an infinite loop when the system is challenged on an outbound INVITE and when the nonce is changed in each response...
WordPress All in One Invite Codes plugin <= 1.0.12 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress All in One Invite Codes plugin versions <= 1.0.12. Solution: Update the WordPress All in One Invite Codes plugin to the latest available version (at least 1.0.13)...
WordPress All in One Invite Codes plugin <= 1.0.12 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress All in One Invite Codes plugin versions <= 1.0.12. Solution: Update the WordPress All in One Invite Codes plugin to the latest available version (at least 1.0.13)...
Mattermost: Invitation Email is resent as a Reminder after invalidating pending email invites
An issue was found in Mattermost's workspace invite system that allowed unwanted users to join a workspace, leading to potential information disclosure. The vulnerability was caused by the lack of an option to cancel an invite, which could be exploited by an attacker to join a workspace even if t...
SecurityScorecard: HTML injection through Invite Teammate email
Summary: I found HTML injection on domain https://platform.securityscorecard.io/ when we send invite teammate email. In this case "message" parameter is vulnerable. Steps To Reproduce: 1. Go to page https://platform.securityscorecard.io/ and login. 2. Now go to page...
Grafana Cross Site Request Forgery
Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users for example,...
Mageia: Security Advisory (MGASA-2014-0172)
The remote host is missing an update for the...