11 matches found
Ivanti Connect Secure security vulnerability
Ivanti Connect Secure (ICS) is a secure remote network connection tool from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Connect Secure prior to version 22.7R2.6 and Ivanti Policy Secure prior to version 22.7R1.3, which stems from an issue with the plaintext storage of message...
CVE-2023-52341
In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure with no additional execution privileges needed...
FreeBSD : element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting (c676bb1b-e3f8-11ed-b37b-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c676bb1b-e3f8-11ed-b37b-901b0e9408dc advisory. - matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior ...
CVE-2023-30609 matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message...
GHSA-XV83-X443-7RMW HTML injection in search results via plaintext message highlighting
Impact Plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. Cross-site scripting is possible by including resources from recaptcha.net and...
HTML injection in search results via plaintext message highlighting
Impact Plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. Cross-site scripting is possible by including resources from recaptcha.net and...
Security Bulletin: IBM Security Access Manager for Mobile is affected by an OpenSSH vulnerability (CVE-2008-5161)
Summary: IBM Security Access Manager for Mobile has SSH Server Cipher Block Chaining (CBC) mode ciphers enabled, which could allow an attacker to recover the plaintext message from the ciphertext. Vulnerability Details: CVEID: CVE-2008-5161 DESCRIPTION: OpenSSH and multiple SSH Tectia products could...
CVE-2005-2225
Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so...
CVE-2005-2225
The CVE-2005-2225 entries describe a DoS condition in Microsoft MSN Messenger where remote attackers can cause users to be kicked from group conversations by sending a plaintext message containing the string ".pif". Gaim is also reported affected, suggesting the issue could be in the protocol or ...
EUVD-2005-2226
Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so...
PT-2005-3154 · Gaim +1
Name of the Vulnerable Software and Affected Versions: Microsoft MSN Messenger (affected versions not specified); Gaim (affected versions not specified). Description: The issue allows remote attackers to cause a denial of service by sending a plaintext message containing the ".pif" string. This string ...