155 matches found
CVE-2025-66834
TrueConf Server is affected by a CSV Formula Injection in version 5.5.2.10813. A normal user can inject malicious spreadsheet formulas into exported chat logs by crafting the Display Name, indicating a CSV macro/formula injection vulnerability. Impact per sources is high confidentiality and integ...
TrueConf Server 安全漏洞
TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. A security vulnerability exists in TrueConf server version 5.5.2.10813, which stems from the presence of HTML injection in the meeting description field, which could lead to the injection o...
CVE-2025-66824
A Stored Cross-Site Scripting XSS vulnerability exists in the Meeting location field of the Create/Edit Conference functionality in TrueConf Server v5.5.2.10813. The injected payload is stored via the meetingroom parameter and executed when users visit the Conference Info page, allowing attackers...
CVE-2025-66824
TrueConf Server v5.5.2.10813 is affected by a Stored XSS in the Meeting location field (Create/Edit Conference) where input in the meeting_room parameter is stored and executed on the Conference Info page, enabling full Account Takeover (ATO). Root cause: improper sanitization of user-supplied in...
CVE-2025-66823
CVE-2025-66823 describes an HTML injection vulnerability in TrueConf Server 5.5.2.10813 in the conference description field. The issue allows an attacker to inject arbitrary HTML in Create/Edit conference functionality, with execution when the victim views the Conference Info page. Affected compo...
EUVD-2017-11126
Malware in sbrugna...
EUVD-2017-11124
Malware in sbrugna...
EUVD-2017-11127
Malware in sbrugna...
EUVD-2017-11125
Malware in sbrugna...
EUVD-2017-11121
Malware in sbrugna...
EUVD-2017-11123
Malware in sbrugna...
EUVD-2017-11122
Malware in sbrugna...
EUVD-2017-11120
Malware in sbrugna...
EUVD-2022-49546
Malicious code in bioql PyPI...
CVE-2022-46763
A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 fixed in 5.2.6.10025 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code...
CVE-2022-46764
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 fixed in 5.2.6.10025 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution...
CVE-2017-20120
A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may ...
CVE-2017-20116
A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checkedgroupid leads to basic cross site scripting Reflected. It is possible to launch the attack remotely. T...
CVE-2017-20115
A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting Reflected. The attack may be initiated remotely. The exploit...
CVE-2017-20118
A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting DOM. The attack may be launched remotely. Th...