
11 matches found

Positive Technologies
added 2026/05/28 12:0 a.m. · 5 views

PT-2026-44173

The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...

CVSS 7.5 · AI score 7.1 · EPSS 0.00042
Exploits: 0 · References: 3

CNNVD
added 2025/12/11 12:0 a.m. · 1 views

Google Pixel security vulnerability

Google Pixel is a smartphone from Google, an American company. Google Pixel has a security vulnerability that stems from improper validation of the aocservicereadmessage input in aocipccore.c, which could lead to local elevation of privilege...

CVSS 7.8 · AI score 6.2 · EPSS 0.00006
Exploits: 0 · References: 1

OSV
added 2023/05/31 9:15 a.m. · 1 views

CVE-2023-3004

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Chat System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=read_msg of the component POST Parameter Handler. The manipulation of the argument convo_id leads to sql...

CVSS 9.8 · AI score 5.7 · EPSS 0.00265
Exploits: 1 · References: 3

Positive Technologies
added 2023/05/31 12:0 a.m. · 2 views

PT-2023-22516 · Sourcecodester · Sourcecodester Simple Chat System

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Chat System version 1.0. Description: A critical issue has been found in the file /ajax.php?action=read_msg of the component POST Parameter Handler. The manipulation of the convo_id argument leads to sql injection. The...

CVSS 9.8 · AI score 7.8 · EPSS 0.00265
Exploits: 1 · References: 5

OSV
added 2019/05/24 6:29 p.m. · 2 views

CVE-2018-17843

SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0...

CVSS 9.8 · AI score 5.8 · EPSS 0.00602
Exploits: 0 · References: 2

OSV
added 2017/03/27 5:59 p.m. · 1 views

CVE-2017-7183

The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 4

OSV
added 2016/03/24 1:59 a.m. · 1 views

CVE-2016-1763

Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread...

CVSS 3.5 · AI score 7.4
Exploits: 0 · References: 3

RedHat Linux
added 2015/11/19 3:16 a.m. · 1 views

krb5: unauthenticated denial of service in recvauth_common() and others

It was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request...

CVSS 5 · AI score 7.2 · EPSS 0.08201
Exploits: 0 · References: 4

RedHat Linux
added 2015/04/09 5:9 a.m. · 3 views

krb5: unauthenticated denial of service in recvauth_common() and others

It was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request...

CVSS 5 · AI score 7.2 · EPSS 0.08201
Exploits: 0 · References: 4

Prion
added 2007/11/14 1:46 a.m. · 12 views

Code injection

Simple Machines Forum SMF 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message...

CVSS 5 · AI score 7.1 · EPSS 0.00273
Exploits: 0 · References: 2 · Affected Software: 1

Packet Storm
added 2005/12/14 12:0 a.m. · 43 views

lyris-listmanager.txt

Title: Lyris ListManager Multiple Flaws Release Date: December 8, 2005 Patch Date: Unknown v8.9b resolves most issues Reported Date: June 21, 2005 Vendor: Lyris Systems Affected: Lyris ListManager v5.0-8.8a most flaws Summary: The Lyris ListManager software is vulnerable to numerous SQL injection...

AI score 7.4
Exploits: 0