162 matches found
CVE-2023-27652
creationtimestamp| type| source ---|---|--- 2023-04-20 18:30:57+00:00| seen| https://t.me/cibsecurity/62529...
Rocket.Chat actionLinkHandler Information Disclosure Vulnerability
Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an information disclosure vulnerability that stems from the actionLinkHandler method allowing message ID enumeration using a Regex MongoDB query. An attacker can exploit the vulnerability to obtain sensitive information...
CVE-2022-32218
An information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries...
Information disclosure
An information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries...
CVE-2022-32218
An information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries...
CVE-2022-32218
CVE-2022-32218 – Rocket.Chat information disclosure : The vulnerability stems from actionLinkHandler/ actionLinks.getMessage not validating input, allowing authenticated users to enumerate Message IDs via a regex MongoDB query. Impact: potential exposure of sensitive information by enumerating ex...
Rocket.Chat 信息泄露漏洞
Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an information disclosure vulnerability that stems from the actionLinkHandler method allowing message ID enumeration using a Regex MongoDB query. An attacker can exploit the vulnerability to obtain sensitive information...
CVE-2022-38792
creationtimestamp| type| source ---|---|--- 2022-08-28 00:31:38+00:00| seen| https://t.me/cibsecurity/48939...
CVE-2022-35144
creationtimestamp| type| source ---|---|--- 2022-08-05 00:19:50+00:00| seen| https://t.me/cibsecurity/47589...
PT-2022-4943 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 5 Rocket.Chat versions prior to 4.8.2 Rocket.Chat versions prior to 4.7.5 Description: An information disclosure issue exists due to insufficient input validation in the actionLinkHandler method, allowing Message...
CVE-2022-1425
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the messageid of the wpqamessageview ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Dire...
CVE-2022-28427
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=read&msgid=...
CVE-2022-28429
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=delete&msgid=...
CVE-2022-21174
creationtimestamp| type| source ---|---|--- 2022-02-10 02:19:19+00:00| seen| https://t.me/cibsecurity/37159...
CVE-2021-24941
The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitise and escape the messageid parameter of the getmessageactionrow AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress icegram plugin in versions prior to 2.0.5 has a...
Untrusted code may be run from an overridden address validator
This is a security release. SECURITY Fixes CVE-2021-34551, a complex RCE affecting Windows hosts. See SECURITY.md for details. The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in th...
Security update for alpine (moderate)
openSUSE Security Update: Security update for alpine Announcement ID: openSUSE-SU-2021:0695-1 Rating: moderate References: 1173281 Cross-References: CVE-2020-14929 CVSS scores: CVE-2020-14929 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-14929 SUSE: 7.5...
CentOS 8 : thunderbird (CESA-2020:0577)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:0577 advisory. - Mozilla: Message ID calculation was based on uninitialized data CVE-2020-6792 - Mozilla: Out-of-bounds read when processing certain email messages...
Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4335-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an...