62 matches found
CVE-2024-9821
CVE-2024-9821 : The WordPress plugin “Bot for Telegram on WooCommerce” is vulnerable to sensitive information disclosure due to missing authorization checks on the stm_wpcfto_get_settings AJAX action, affecting all versions up to 1.2.4. Authenticated attackers with subscriber-level access and abo...
CVE-2024-9821 Bot for Telegram on WooCommerce <= 1.2.7 - Authenticated (Subscriber+) Telegram Bot Token Disclosure to Authentication Bypass
The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stmwpcftogetsettings' AJAX action in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with...
PT-2024-39866 · WordPress · The Bot For Telegram On Woocommerce
Name of the Vulnerable Software and Affected Versions: The Bot for Telegram on WooCommerce plugin for WordPress versions up to, and including, 1.2.4 Description: The issue is related to sensitive information disclosure due to missing authorization checks on the 'stm wpcfto get settings' AJAX...
Exploit for CVE-2024-9821
CVE-2024-9821 Bot for Telegram on WooCommerce = 1.2.4 - Au...
GHSA-94PR-W968-H923 Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext
Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file jenkinsci.plugins.telegrambot.TelegramBotGlobalConfiguration.xml on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the...
CVE-2024-34147
Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
Plaintext Storage of a Password in Jenkins Build Notifications Plugin
Build Notifications Plugin 1.5.0 and earlier stores multiple tokens unencrypted in its global configuration files on the Jenkins controller as part of its configuration:- Pushover Application Token in tools.devnull.jenkins.plugins.buildnotifications.PushoverNotifier.xml\n- Slack Bot Token in...
GHSA-FRXG-HF44-Q765 Exposure of Sensitive Information to an Unauthorized Actor in DisCatSharp
Impact Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to a web server not affiliated with Discord...
CVE-2022-24849
DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...
CVE-2022-24849 Contact to DisCatSharp-owned server using authenticated client
DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...
CVE-2022-24849 Contact to DisCatSharp-owned server using authenticated client
DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...
CVE-2022-24849
DisCatSharp (Discord API wrapper for .NET) versions 9.8.5–9.9.0 and prereleases of 10.0.0 may have sent bot tokens to a DisCatSharp-owned web server when using either the two RequireDisCatSharpDeveloperAttribute attributes or BaseDiscordClient.LibraryDeveloperTeam. The issue was addressed in 9.9....
DisCatSharp 信息泄露漏洞
DisCatSharp is a lovely wrapper for the Discord API. An information disclosure vulnerability exists in DisCatSharp versions 9.8.5, 9.8.6, 9.9.0, and 10.0.0 pre-release, which stems from the use of two RequireDisCatSharpDeveloperAttribute or BaseDiscordClient. One of the LibraryDeveloperTeam sends...
PuddingBot Trust Management Issue Vulnerability
PuddingBot is a group management bot. PuddingBot is vulnerable to a trust management issue, which can be exploited by attackers to obtain a bot token in main.py...
CVE-2022-21669
PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are plannin...
Code injection
PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are plannin...
CVE-2022-21669 Bot token exposed in main.py
PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are plannin...
Pudding-Bot 信任管理问题漏洞
PuddingBot is a group management bot. PuddingBot is vulnerable to a trust management issue, which can be exploited by attackers to obtain a bot token in main.py...
CVE-2022-21669
The CVE-2022-21669 entry concerns PuddingBot, a group-management bot. Affected versions are 0.0.6-b933652 and earlier, where the bot token is publicly exposed in main.py due to the trust/credential handling issue. The token has been revoked and a new version is already deployed on the server. Pub...
CVE-2022-21669 Bot token exposed in main.py
PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are plannin...