Code injection
In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges...
CVE-2017-15611
In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges...
Inflection: Limited arbitrary text inclusion in user invite emails
When creating a GoodHire account, a fairly wide range of ASCII characters are permitted in certain fields like Company Name. This field is included in email templates that are automatically sent to new users when an account owner invites them to join a GoodHire account. Theoretically, spam conten...
WordPress Invite Anyone plugin <=1.3.18 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability found in WordPress Invite Anyone plugin versions <=1.3.18. Solution: Update the WordPress Invite Anyone plugin to the latest available version (at least version 1.3.19)...
Rockstar Games: Stored XSS via Send crew invite
In this report, the researcher was able to demonstrate a vulnerability in our Crew Invite mechanism that could have allowed an attacker to carry out a Stored XSS attack. By modifying a request in-flight and injecting unexpected characters in the Invitation message body, it was possible to escape...
berlinersingles.de XSS vulnerability
Vulnerable URL: https://www.berlinersingles.de/user/invite/registered
Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 06.08.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 401131
VIP website status: | No
Check berlinersingles.de SSL...
Vulnerabilities in 4G VoLTE can disclose the phone user's location and other personal information - vulnerability warning - the black bar safety net
In recent years, 4G VoLTE has become increasingly popular in mobile communications worldwide and is now the trend in most European and Asian countries. Recently, the French security company P1 Security published a report detailing a long list of 4G VoLTE call...
Unspecified Vulnerability in Zulip Server
Zulip Server is an open source group chat application written in Python and based on the Django framework. A security vulnerability exists in the implementation of the invite_by_admins_only setting in Zulip Server 1.5.1 and earlier versions. An attacker can exploit the vulnerability to invite oth...
CVE-2017-0896
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this...
WordPress Invite Anyone plugin <=1.3.15 - Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability
Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities were found in version 1.3.15 of the WordPress Invite Anyone plugin. The settings are passed without any sanitization to the function register_setting. Solution: Update the plugin...
WordPress Invite Anyone Plugin Security Bypass Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP, which supports personal blog sites on servers running PHP and MySQL. Invite Anyone is one of its invitation components. A security bypass vulnerability exists in the by-email/by-email.php...
Code injection
An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack...
CVE-2017-6955
An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack...
CVE-2017-6955
The CVE-2017-6955 vulnerability affects the WordPress plugin Invite Anyone, specifically by-email/by-email.php in versions prior to 1.3.15. An authenticated user, or a user with sufficient privileges, can modify the subject and body of the invitation email, which should be immutable, facilitating social engine...
Invite Anyone <= 1.3.14 - Change of Email Invitation Content
The Invite Anyone WordPress plugin was affected by a Change of Email Invitation Content security vulnerability...
Asterisk SIP Channel Authentication Bypass (AST-2016-009)
According to its SIP banner, the version of Asterisk running on the remote host is 11.x prior to 11.25.1, 13.x prior to 13.13.1, 14.x prior to 14.2.1, 11.6 prior to 11.6-cert16, or 13.8 prior to 13.8-cert4. It is, therefore, affected by an authentication bypass vulnerability in the chan_sip channe...
DEBIAN-CVE-2016-9938
An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content betwe...
A vulnerability in Cisco PIX software allows a malicious individual to trigger a service failure.
The vulnerability in the implementation of the SIP protocol in Cisco products including IP phones, IOS, and Secure PIX allows malicious actors to trigger service failures and execute arbitrary code by using specially crafted INVITE messages...