Rocket.Chat: Session Hijack via Self-XSS
Summary: It's possible to hijack a session by tricking the user into performing a Self-XSS on the drag and drop functionality in the chat. Description: Self-XSS is an underrated vulnerability that can have a harmful impact on the users of the application, like here, after we get access to the user's...
python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...
[SECURITY] Fedora 27 Update: python-urllib3-1.24.1-2.fc27
Python HTTP module with connection pooling and file POST abilities...
Open-Xchange: SSRF in /appsuite/api/autoconfig
FYI: This was conducted on a local install of App Suite and not the sandbox. App Suite version was: 7.8.4 Rev14 Hello, There is a possible SSRF vulnerability in the following App Suite API endpoint that will primarily allow blind port scanning of the App Suite server and any internal servers...