4 matches found
8x8 Bounty: admin.8x8.vc: Member users with no permission can integrate email to connect calendar via GET /meet-external/spot-roomkeeper/v1/calendar/auth/init?..
An improper access control vulnerability was discovered on the admin section of 8x8's video conferencing platform. Member users with no permission were able to exploit this vulnerability to integrate their email and connect their calendar to the platform. This allowed them to access areas they we...
Native integrations in Wallarm WAF
How to configure sending reports to email? How to get a notification to the messenger about an event requiring a response? How to connect Wallarm and other solutions that use DevOps and the security team? Integrations will help to solve all these issues in Wallarm WAF. And today we'll talk about th...
Slack: Snooping into messages via email service
@uranium238 discovered a vulnerability with a 3rd party email integration provider which would allow messages in Slack email integrations to be leaked. We worked with the 3rd party to get this issue resolved, and performed a thorough investigation to confirm that this had never been exploited...
SA-CONTRIB-2011-057 - Support Ticketing System - Cross Site Scripting (XSS)
The Support Ticketing System module provides a basic ticketing system and helpdesk that is native to Drupal, offering complete email integration. The module does not properly sanitize user-supplied content, resulting in multiple Cross-Site Scripting (XSS) vulnerabilities. This vulnerability is...