SUSE CVE-2017-18917
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens...
CVE-2017-18917
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens...
EUVD-2017-9659
Malware in sbrugna...
EUVD-2017-10007
Malware in sbrugna...
EUVD-2022-1730
Malicious code in bioql PyPI...
Discourse Security Vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email, and chat rooms. A security vulnerability exists in Discourse versions prior to 3.4.4, prior to 3.5.0.beta5, and prior to 3.5.0.beta6-dev, which stems fr...
CVE-2022-1385
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...
CVE-2017-18543
The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations...
BIT-MATTERMOST-2022-1385
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from Mattermost's inability to verify an invitee's permission for a team's private channel when processing email invitations to the channel,...
Patrik Dufresne Rdiffweb user redirection vulnerability
Patrik Dufresne Rdiffweb is a web application from the personal developer Patrik Dufresne, USA. Patrik Dufresne Rdiffweb is vulnerable to a user redirection vulnerability, which stems from the fact that the system does not handle target bounces properly and can be exploited to inject malicious...
Rdiffweb Input Validation Error Vulnerability
Patrik Dufresne Rdiffweb is a web application from the personal developer Patrik Dufresne, USA. Patrik Dufresne Rdiffweb is vulnerable to a user redirection vulnerability, which stems from the fact that the system does not handle target bounces properly and can be exploited to inject malicious...
Hyperlink injection leads to redirect victim to malicious website
Description: Hyperlink Injection is when an attacker injects a malicious link when sending an email invitation. Proof of Concept: 1. Go to https://rdiffweb-dev.ikus-soft.com/prefs/general 2. Set your full name as "Your account has been hacked please visit evil.com" 3. Save changes 4. Perform any activi...
CVE-2022-37458
CVE-2022-37458 affects Discourse up to version 2.8.7, where admins can invite arbitrary email addresses at an unlimited rate. Public sources describe the issue as a rate-limiting/invitation-surfeit vulnerability in Discourse (2.8.x). The NVD entry lists CVSS 3.1 base metrics: AV:N, AC:L, PR:H, UI...
GitLab CE/EE Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability in GitLab CE/EE all versions prior to 15.0.5, all...
Mattermost Access Control Error Vulnerability (CNVD-2022-31756)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. An Access Control Error vulnerability exists in Mattermost 6.4.x and earlier versions, which stems from an inability to properly invalidate a pending email invitation when executed from the system...
GHSA-FXWJ-V664-WV5G Improper Control of a Resource Through its Lifetime in Mattermost
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...
Improper Control of a Resource Through its Lifetime in Mattermost
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...
CVE-2022-1385
Mattermost 6.4.x and earlier suffer from an improper invalidation of pending email invitations when performed from the system console, allowing accidentally invited users to join a workspace and access information from public channels/teams. This is due to an inadequate invitation invalidation fl...