2373 matches found
Giga Messenger WordPress - Cross-Site Scripting
Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...
Joomla! Harmis Messenger 1.2.2 - Local File Inclusion
Joomla! Harmis Messenger 1.2.2 is vulnerable to local file inclusion which could give an attacker read access to arbitrary files. id: CVE-2019-9922 info: name: Joomla! Harmis Messenger 1.2.2 - Local File Inclusion author: 0xAkoko severity: high description: Joomla! Harmis Messenger 1.2.2 is...
EUVD-2018-21883
Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unloc...
MAL-2026-4363 Malicious code in @asura21232/fca-unofficial-nextgen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30540a72a722c901403164aeb090ca99999d3be2cc4d9e9f3ad99ef319fc2db2 This package presents itself as an unofficial Facebook Messenger client library, but its exported authentication helpers loginViaAPI, tokensViaAPI,...
Malicious code in @asura21232/fca-unofficial-nextgen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30540a72a722c901403164aeb090ca99999d3be2cc4d9e9f3ad99ef319fc2db2 This package presents itself as an unofficial Facebook Messenger client library, but its exported authentication helpers loginViaAPI, tokensViaAPI,...
MAL-2026-4526 Malicious code in claw_messenger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15ae01d96f3589f6660b2aa5f459595c9346ab885eda35196dae6252775f986a On npm install, this package's postinstall hook performs two unsafe install-time actions. First, dist/postinstall.js spawns a detached npm install -g...
Astra Linux - уязвимость в linux-5.15
A issue was discovered in the net/ceph/messengerv2.c file within the Linux kernel before version 6.4.5. There is an integer signedness error, which leads to a buffer overflow and remote code execution via the HELLO command or one of the AUTH frames. This occurs due to an untrusted length value...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: libceph: fixed invalid accesses to cephconnectionv1info. There is a place where generic code in messenger.c reads from certain members of the con-v1 union, and another place where it writes to those members without checking that...
New Mexico’s Meta Ruling and Encryption
Mike Masnick points out that the recent New Mexico court ruling against Meta has some bad implications for end-to-end encryption, and security in general: If the "design choices create liability" framework seems worrying in the abstract, the New Mexico case provides a concrete example of where it...
An Empirical Comparison of Security and Privacy Characteristics of Android Messaging Apps
Mobile messaging apps are a fundamental communication infrastructure, used by billions of people every day to share information, including sensitive data. Security and Privacy are thus critical concerns for such applications. Although the cryptographic protocols prevalent in messaging apps are...
EUVD-2018-21722
Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter...
CVE-2018-25232
Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter...
CVE-2018-25232 Softros LAN Messenger 9.2 Denial of Service via Log Files Location
Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter...
CVE-2018-25232 Softros LAN Messenger 9.2 Denial of Service via Log Files Location
Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter...
CVE-2018-25232
Softros LAN Messenger 9.2 is affected by a denial-of-service vulnerability. The issue arises in the Log Files Location field where an excessively long input (a 2000-character buffer) can crash the application when the OK button is clicked. The available documents specify the affected product and ...
PT-2026-29018
🚨 CVE-2018-25232 Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location cust...
Softros LAN Messenger 安全漏洞
Softros LAN Messenger is an instant messaging system for local area networks developed by the American company Softros. Version 9.2 of Softros LAN Messenger contains a security vulnerability. This vulnerability stems from a custom log file location field that can cause a denial-of-service attack,...
EKG Gadu 缓冲区错误漏洞
EKG Gadu is a multi-protocol instant messaging client software developed by EKG Corporation. In versions EKG Gadu 1.9–pre+r2855-3+b1, there was a buffer error vulnerability. This vulnerability stemmed from local buffer overflows in username processing, which could allow local attackers to execute...
WordPress WP-Chatbot for Messenger plugin <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover vulnerability
Missing Authorization to Unauthenticated Chatbot Configuration Takeover vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin WP-Chatbot for Messenger versions = 4.9...