
238 matches found

NVD
added 2023/05/11 10:15 p.m. · 9 views

CVE-2023-28359

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the...

5.3 CVSS · 5.4 AI score · 0.0061 EPSS
Exploits: 0 · References: 1
OSV
added 2023/05/11 10:15 p.m. · 11 views

CVE-2023-28359

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the...

5.3 CVSS · 7.4 AI score
Exploits: 0 · References: 1
Prion
added 2023/05/11 10:15 p.m. · 7 views

SQL injection

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the...

5 CVSS · 5.4 AI score · 0.0061 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/05/11 12:0 a.m. · 9 views

CVE-2023-28359

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the...

5.7 AI score · 0.0061 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2023/05/11 12:0 a.m. · 10 views

CVE-2023-28359

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the...

5.4 AI score · 0.0061 EPSS
Exploits: 0 · References: 1
CNNVD
added 2023/05/11 12:0 a.m. · 3 views

Rocket.Chat SQL injection vulnerability

Rocket.Chat is an open source team chat software. A NoSQL injection vulnerability exists in the Rocket.Chat listEmojiCustom method, which can be exploited by a remote attacker to submit a special request that allows custom emoticons to be uploaded to a Rocket.Chat instance, resulting in a delayed...

5.3 CVSS · 7.3 AI score · 0.0061 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2023/05/11 12:0 a.m. · 1 views

PT-2023-21669 · Unknown · Rocket.Chat

Name of the Vulnerable Software and Affected Versions: Rocket.Chat affected versions not specified Description: A NoSQL injection issue has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji...

5.3 CVSS · 5.2 AI score · 0.0061 EPSS
Exploits: 0 · References: 6
CVE
added 2023/05/11 12:0 a.m. · 47 views

CVE-2023-28359

CVE-2023-28359 describes a NoSQL injection in Rocket.Chat’s listEmojiCustom method. The vulnerability can be exploited by unauthenticated users when there is at least one custom emoji uploaded, causing a delayed server response with limited impact. The available connected documents do not provide...

5.3 CVSS · 5.3 AI score · 0.0061 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Hacker One
added 2022/11/01 5:15 p.m. · 24 views

Rocket.Chat: NoSQL injection in listEmojiCustom method call

Vulnerability description not provided...

5.3 CVSS · 5.2 AI score · 0.0061 EPSS
Exploits: 0
Kitploit
added 2022/10/06 11:30 a.m. · 68 views

Arsenal - Recon Tool installer

Arsenal is a Simple shell script Bash used to install the most important tools and requirements for your environment and save time in installing all these tools. Tools in Arsenal Name | description ---|--- Amass | The OWASP Amass Project performs network mapping of attack surfaces and external...

6.6 AI score
Exploits: 0 · References: 2
NVD
added 2022/09/23 7:15 p.m. · 9 views

CVE-2022-35246

A NoSQL-Injection information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access...

4.3 CVSS · 0.00597 EPSS
Exploits: 1 · References: 1
OSV
added 2022/09/23 7:15 p.m. · 11 views

CVE-2022-35246

A NoSQL-Injection information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access...

4.3 CVSS · 6.5 AI score
Exploits: 0 · References: 1
Prion
added 2022/09/23 7:15 p.m. · 16 views

Information disclosure

A NoSQL-Injection information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access...

4 CVSS · 4.6 AI score · 0.00597 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2022/09/23 6:28 p.m. · 12 views

CVE-2022-35246

A NoSQL-Injection information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access...

4.8 AI score · 0.00597 EPSS
Exploits: 1 · References: 1
CVE
added 2022/09/23 6:28 p.m. · 70 views

CVE-2022-35246

Rocket.Chat’s CVE-2022-35246 is a NoSQL-Injection information disclosure in the getS3FileUrl Meteor server method. The vulnerability allows an authenticated user to disclose the redirect URL of arbitrary file uploads, due to insufficient access checks when retrieving the file URL. Affected versio...

4.3 CVSS · 4.4 AI score · 0.00597 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2022/09/23 6:28 p.m. · 3 views

CVE-2022-35246

A NoSQL-Injection information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access...

4.5 AI score · 0.00597 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2022/09/23 12:0 a.m. · 2 views

PT-2022-22653 · Unknown · Rocket.Chat

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 5 Rocket.Chat versions prior to 4.8.2 Rocket.Chat versions prior to 4.7.5 Description: A NoSQL-Injection information disclosure issue exists in the getS3FileUrl Meteor server method, which can disclose arbitrary...

4.3 CVSS · 4.4 AI score · 0.00597 EPSS
Exploits: 1 · References: 4
Check Point Advisories
added 2022/09/18 12:0 a.m. · 4 views

Agentejo Cockpit NoSQL Injection (CVE-2020-35846)

A NoSQL Injection vulnerability exists in Agentejo Cockpit. Successful exploitation of this vulnerability could allow attackers to inject commands and execute arbitrary code on the affected system...

7.5 CVSS · 6.8 AI score · 0.93201 EPSS
Exploits: 10
Tenable Nessus
added 2022/09/06 12:0 a.m. · 32 views

NoSQL Injection Authentication Bypass

A NoSQL injection occurs when a value originating from the client's request is used within a NoSQL call without prior sanitisation. This can allow cyber-criminals to execute arbitrary NoSQL code and thus steal data, or use the additional functionality of the database server to take control of...

8.3 AI score
Exploits: 0 · References: 1
Hacker One
added 2022/01/22 1:23 p.m. · 22 views

Rocket.Chat: NoSQL-Injection discloses S3 File Upload URLs

Summary A NoSQL-Injection vulnerability in the getS3FileUrl Meteor server method can disclose arbitrary file upload URLs to users that should not be able to access. Description The fileId argument of the getS3FileUrl Meteor server method is not validated and can contain a regular expression. The...

4 CVSS · 2 AI score · 0.00597 EPSS
Exploits: 1