Design/Logic Flaw
Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server prior to 4.9, the initial installation (until first reboot, or restart of RabbitMQ) does not successfully limit the default ports which RabbitMQ opens; this...
CVE-2021-43799 RabbitMQ exposes ports with weak default secrets in Zulip Server
Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server prior to 4.9, the initial installation (until first reboot, or restart of RabbitMQ) does not successfully limit the default ports which RabbitMQ opens; this...
CVE-2021-30479
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization...
Design/Logic Flaw
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization...
EaST - Exploits and Security Tools Framework
A pentest framework environment is the basis of an IT security specialist’s toolkit. This software is essential both for learning and improving knowledge of attacks on IT systems and for inspections and proactive protection. The need for a native, comprehensive open-source pentest framework with high level...
Untrusted site hosting trusted page can intercept webchannel responses — Mozilla
Mozilla developer Mark Hammond reported a flaw in how WebChannel.jsm handles message traffic. He found that when a trusted page is hosted within an iframe on an untrusted third-party framing page, the untrusted page could intercept webchannel responses meant for the trusted page, bypassing...
CVE-2011-1919
Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Profic...
Stack overflow
Stack-based buffer overflow in the Data Archiver service in GE Intelligent Platforms Proficy Historian before 3.5 SIM 17 and 4.x before 4.0 SIM 12 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic...
CVE-2011-1918
Stack-based buffer overflow in the Data Archiver service in GE Intelligent Platforms Proficy Historian before 3.5 SIM 17 and 4.x before 4.0 SIM 12 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic...
Novell GroupWise MTA Web Console Accessible
The remote web server is a Novell GroupWise MTA Web Console, used to monitor and potentially control a GroupWise MTA via a web browser. By allowing unauthenticated access, anyone may be able to do things such as discover the version of GroupWise installed on the remote host and its configuration,...