Rocket.Chat: Unauthenticated clients can modify Livechat Business Hours
The Meteor method "livechat:saveOfficeHours" allowed unauthenticated clients to modify the global Livechat Business Hours by directly updating the database model...
Rocket.Chat: Unread Messages can leak Message IDs
The Meteor Method "unreadMessages" could leak existing Message IDs to unauthorized clients when called with a regular expression. The vulnerability was present in Rocket.Chat versions 3.9.3 and develop...
Rocket.Chat: Pinning leaks message content
The message content could be improperly pinned, allowing the content to be leaked to an unauthorized client. Validation was lacking in the pinMessage method, which allowed arbitrary messages to be pinned regardless of the user's access. This permitted messages from private channels to be exposed ...
Rocket.Chat: SAML authentication bypass through unauthenticated `addSamlProvider` Meteor Call
Summary: Rocket.Chat exposes an unauthenticated Meteor method addSamlProvider, which allows disabling SAML signature verification. Description: The addSamlProvider Meteor method sets a number of settings, among them a boolean flag that defaults to false: js export const addSamlService =...
Rocket.Chat: User Impersonation through sendMessage options
The Meteor call "sendMessage" allowed clients to use custom avatar and alias parameters, which could be used to impersonate other chat room members. This vulnerability has been patched...
Meteor Game Accelerator has dll hijacking vulnerability
Meteor Game Accelerator is a free online game accelerator. Meteor Game Accelerator has a DLL hijacking vulnerability. An attacker can exploit this vulnerability to execute malicious code...
Exploit for Improper Handling of Exceptional Conditions in Sockjs_Project Sockjs
CVE-2020-7693: Meteor. A demo Meteor app running the vuln...
Code Execution Vulnerability in Meteor Internet TV
Meteor Web TV is an online web video playback tool. A code execution vulnerability exists in Meteor Web TV, which can be exploited by attackers to execute arbitrary code...
Grammarly: Unauthenticated users can access all food.grammarly.io user's data
Summary: The food.grammarly.io site uses the Meteor framework, which uses publications and methods to communicate between the backend and frontend. Although the site seems to require being authenticated as a Grammarly employee to use it, most methods and publications work without being...
Unspecified vulnerability in react-native-meteor-oauth
react-native-meteor-oauth is a plugin for logging in to a Meteor server from React Native. A security vulnerability exists in react-native-meteor-oauth, which stems from the program's use of a cryptographically weak pseudo-random number generator to generate the OAuth Random Token. An attacke...
CVE-2017-16028
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG Math.random...
Design/Logic Flaw
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG Math.random...
CVE-2017-16028
CVE-2017-16028 affects IBM Tivoli Netcool/OMNIbus WebGUI via the React/Node.js component (react-native-meteor-oauth) using a weak RNG (Math.random) for OAuth tokens. Remediation: upgrade WebGUI to 8.1.0 Fix Pack 28 (affecting 8.1.0 FP27 and earlier).
Legal Robot: Privilege Escalation to Admin-level Account
A security researcher discovered a potentially serious privilege escalation issue in our system which was ultimately traced to our use of the allow-deny package provided in the open source Meteor framework. We implemented a short-term fix using triggers - not great performance on the same day thi...
Cryptographically Insecure Token Generation
react-native-meteor-oauth generates insecure tokens. These tokens are insecure because they are generated using the randomatic package which is not cryptographically secure. This makes it easier for attackers to brute force tokens...
meteor.aihw.gov.au XSS vulnerability
Vulnerable URL: http://meteor.aihw.gov.au/content/index.phtml/itemId/237518?filter=1=10=all=any=any=Standard=meteorDataElement=meteorDss=%22%3E%3Csvg%2Fonload%3Dprompt%28%2FXSSPOSED%2F%29%3E Details: Patched: No; Latest check for patch: 25.07.2017; Vulnerability type: ...
[SECURITY] Fedora 20 Update: rubygem-passenger-4.0.53-3.fc20
Phusion Passenger® is a web server and application server, designed to be fast, robust and lightweight. It takes a lot of complexity out of deploying web apps, adds powerful enterprise-grade features that are useful in production, and makes administration much easier and less complex. It...
Mozilla Defense Platform: MozDef
The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders...