18 matches found
EUVD-2021-12808
Malware in sbrugna...
EUVD-2021-12807
Malware in sbrugna...
CVE-2021-25980
In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. By luring a victim application-user to click on a link, a...
CVE-2021-25981
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attack...
Talkyard code issue vulnerability
Talkyard is an open source structured discussion platform that brings together key features of StackOverflow, Slack, Discourse, Reddit/HackerNews, and Disqus blog comments. Talkyard suffers from a code issue vulnerability that could be exploited by an attacker to reuse an administrator's still val...
CVE-2021-25981
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attack...
CVE-2021-25981
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attack...
Session fixation
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attack...
CVE-2021-25981 Talkyard - Insufficient Session Expiration
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attack...
CVE-2021-25981
CVE-2021-25981 affects Talkyard. Versions v0.2021.20–v0.2021.33 (regular) and v0.2021.20–v0.2021.34 (dev) are vulnerable to Insufficient Session Expiration. The underlying issue allows an attacker who can obtain a still-valid admin session token (via other, hypothetical attacks) to reuse that tok...
Talkyard code issue vulnerability
Talkyard is an open source structured discussion platform that brings together key features of StackOverflow, Slack, Discourse, Reddit/HackerNews, and Disqus blog comments. Talkyard suffers from a code issue vulnerability that could be exploited by an attacker to reuse an administrator's still val...
CVE-2021-25980
In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. By luring a victim application-user to click on a link, a...
CVE-2021-25980
In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. By luring a victim application-user to click on a link, a...
Design/Logic Flaw
In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. By luring a victim application-user to click on a link, a...
CVE-2021-25980
CVE-2021-25980 describes a Host Header Injection vulnerability in Talkyard. Affected versions include v0.04.01–v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e–v0.2021.02-WIP-879ef3fe1, and tyse-v0.2021.02–tyse-v0.2021.28-af66b6905-regular. An unauthenticated attacker can lure a user to click a link...
CVE-2021-25980 Talkyard - Host-Header Injection Leads to Account Takeover
In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. By luring a victim application-user to click on a link, a...
CVE-2021-25980 Talkyard - Host-Header Injection Leads to Account Takeover
In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. By luring a victim application-user to click on a link, a...
Talkyard injection vulnerability
Talkyard is an open source, structured discussion platform that brings together the key features of StackOverflow, Slack, Discourse, Reddit/HackerNews and Disqus blog comments. Talkyard suffers from a security vulnerability that allows an unauthenticated attacker to use the forgot password featur...