10 matches found
BigBlueButton Information Disclosure Vulnerability
BigBlueButton is an open-source web conferencing system developed by the BigBlueButton community. Versions of BigBlueButton 3.0.19 and earlier contained a vulnerability related to information leakage. This vulnerability occurred because the client still sent audio data even when the microphone wa...
CVE-2024-36402 Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...
GHSA-4MHG-XV73-XQ2X Synapse denial of service through media disk space consumption
Impact: Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging fro...
Synapse denial of service through media disk space consumption
Impact: Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging fro...
CVE-2024-35225 Jupyter Server Proxy has a reflected XSS issue in host parameter
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path segmen...
CVE-2024-35225
Jupyter Server Proxy (jupyter-server-proxy) has a reflected XSS in the host parameter of the /proxy endpoint. Affected versions: 3.x prior to 3.2.4 and 4.x prior to 4.2.0. The issue occurs when an invalid host value is echoed back, enabling a phishing link to execute arbitrary JavaScript in a use...
NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4 Server Operator to Administrator Privilege Escalation: System Key Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/182/info The default ACL over the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon key System value includes an entry for Server Operators:Special. The Special setting allows Server Ops to Set this...
Microsoft Windows 'Server Operators' Group User List
Using the supplied credentials, it is possible to extract the member list of the 'Server Operators' group. Members of this group can perform most common administrative tasks. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10903); script_version("1.19"); script_cvs_date("Dat...
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4 - Server Operator to Administrator Privilege Escalation: System Key
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4 - Server Operator to Administrator Privilege Escalation: System Key // source: https://www.securityfocus.com/bid/182/info The default ACL over the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon key "System" value include...
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4 - Server Operator to Administrator Privilege Escalation: System Key
// source: https://www.securityfocus.com/bid/182/info The default ACL over the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon key "System" value includes an entry for Server Operators:Special. The Special setting allows Server Ops to "Set" this value. A malicious System...