365 matches found
CVE-2022-39303
CVE-2022-39303 (Ree6) is a SQL injection vulnerability in Ree6 moderation bot. The issue allows manipulation of SQL queries in versions prior to 1.7.0. The vulnerability was mitigated by upgrading to 1.7.0, which uses Java PreparedStatements to safely set parameters and prevent injection. The con...
CVE-2022-39302 Ree6 may bypass webhook protection
Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protection...
CVE-2022-39302
CVE-2022-39302 affects Ree6, a Discord moderation bot. Multiple sources describe a cross-server channel targeting flaw where a specially crafted log message can cause a configuration like “Better-Audit-Logging” to reference a channel in another server, enabling sending log messages to that channe...
kernel security, bug fix, and enhancement update
5.14.0-70.26.1.0.10.OL9 - lockdown: also lock down previous kgdb use Daniel Thompson Orabug: 34290418 CVE-2022-21499 5.14.0-70.26.10.OL9 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted...
CVE-2022-30015
In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/allusers.php like Full Username, etc. This causes stored XSS...
Design/Logic Flaw
x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to version 1.10.0 allows users with admin privileges to issue commands as other users who share the sam...
CVE-2022-23604
Affected software: x26-Cogs Defender cog for the Red Discord bot. Vulnerability: pre-1.10.0 Defender allowed users with admin privileges to issue commands as other users on the same server, enabling potential privilege escalation to bot-owner restricted commands if a bot owner shares the server. ...
WhatsApp’s End-to-End Encryption Isn’t Actually Broken
End-to-end encryption isn’t designed to secure messages against the intended recipients. New revelations about WhatsApp’s moderator access to messages last week might seem like they run counter to the company’s privacy-forward brand, but a closer look shows the messaging service’s privacy...
uListing < 2.0.6 - Modify User Roles via CSRF
An Add/Edit User Roles via CSRF vulnerability was discovered in the plugin. Missing WPNonce security tokens https://codex.wordpress.org/WordPressNonces . PoC | CSRF | Add/Edit User Roles: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: cookies User-Agent: Mozilla/5.0 Content-Type:...
TikTok Quietly Updated Its Privacy Policy to Collect Users' Biometric Data
Popular short-form video-sharing service TikTok quietly revised its privacy policy in the U.S., allowing it to automatically collect biometric information such as faceprints and voiceprints from the content its users post on the platform. The policy change, first spotted by TechCrunch, went into...
CVE-2021-33506
jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation...
Design/Logic Flaw
jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation...
CVE-2021-33506
CVE-2021-33506 affects jitsi-meet-prosody in Jitsi Meet prior to 2.0.5963-1, where restrict_room_creation is not enabled by default. This misconfiguration can allow an attacker to circumvent conference moderation. Connected sources confirm the issue across multiple vectors (Red Hat CVE page and C...
How chat platforms are using Machine Learning for content moderation?
By Uzair Amir. More and more online services are using Machine Learning (ML), the method of data analysis that will automate the building of analytical mode. This is a post from HackRead.com. Read the original post: How chat platforms are using Machine Learning for content moderation?...
WordPress <= 2.0.11 CSRF Vulnerability
WordPress is prone to a cross-site request forgery (CSRF) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Researcher Builds Parler Archive Amid Amazon Suspension
A security researcher said she has scraped and is archiving 99 percent of Parler’s public posts, as the social-media network goes offline following suspensions from Amazon, Apple and Google. Archived content includes public posts from the social-media site. These posts reportedly included Parler...
Trump and the Limits of Content Moderation
The president’s televised encouragement of white supremacy and political violence was a reminder that social media didn’t create these problems...
Twitter Hacked in Bitcoin Scam
It started with one weird tweet. Then another. Quickly, some of the most prominent accounts on Twitter were all sending out the same message; I am giving back to the community. All Bitcoin sent to the address below will be sent back double! If you send $1,000, I will send back $2,000. Only doing...