973 matches found

OSV
added 2019/05/13 8:29 p.m. | 3 views

CVE-2018-18912

An issue was discovered in Easy File Sharing EFS Web Server 7.2. A stack-based buffer overflow vulnerability occurs when a malicious POST request has been made to forum.ghp upon creating a new topic in the forums, which allows remote attackers to execute arbitrary code...

CVSS 9.8 | AI score 6.4 | EPSS 0.03497
Exploits: 2 | References: 1

OSV
added 2019/03/27 6:29 p.m. | 1 view

UBUNTU-CVE-2018-12546

In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...

CVSS 6.5 | AI score 7.2 | EPSS 0.00817
Exploits: 1 | References: 4

OSV
added 2019/03/27 6:29 p.m. | 3 views

DEBIAN-CVE-2018-12546

In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...

CVSS 6.5 | AI score 7 | EPSS 0.00817
Exploits: 1 | References: 1

GithubExploit
added 2019/02/25 3:38 a.m. | 14 views

Exploit for Deserialization of Untrusted Data in Drupal

It is an exploit module/toolkit targeting Drupal, specifically a...

CVSS 8.1 | AI score 8.4 | EPSS 0.91919
Exploits: 22

OSV
added 2018/11/17 10:29 p.m. | 1 view

CVE-2018-19349

In SeaCMS v6.64, there is SQL injection via the adminmakehtml.php topic parameter because of mishandling in include/mkhtml.func.php...

CVSS 7.2 | AI score 5.8
Exploits: 0 | References: 1

OSV
added 2018/11/15 3:29 p.m. | 13 views

CVE-2018-12543

In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit...

CVSS 7.5 | AI score 6.5
Exploits: 0 | References: 1

OSV
added 2018/11/15 3:29 p.m. | 3 views

ALPINE-CVE-2018-12543

In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit...

CVSS 7.5 | AI score 6.9 | EPSS 0.36013
Exploits: 0 | References: 1

OSV
added 2018/11/09 1:29 a.m. | 3 views

CVE-2018-1684

IBM WebSphere MQ 8.0 through 9.1 is vulnerable to an error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456...

CVSS 6.5 | AI score 5.8 | EPSS 0.01271
Exploits: 0 | References: 2

OSV
added 2018/11/07 12:28 a.m. | 10 views

GHSA-26Q7-G57V-MXCP HTML Injection in shout

Affected versions of shout do not escape the /topic command in messages, and are therefore vulnerable to cross-site scripting. Recommendation: Update to version 0.50.0 or later...

CVSS 6.1 | AI score 6.2 | EPSS 0.01015
Exploits: 0 | References: 4

OSV
added 2018/10/29 12:29 p.m. | 2 views

DEBIAN-CVE-2018-18765

An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mgmqttnextsubscribetopic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially...

CVSS 9.1 | AI score 6.9 | EPSS 0.01835
Exploits: 1 | References: 1

CNVD
added 2018/10/29 12:0 a.m. | 2 views

Cesanta Mongoose buffer overread vulnerability (CNVD-2019-09626)

Mongoose is a cross-platform embedded web server and networking library. Its features include TCP, HTTP clients and servers, WebSocket clients and servers, MQTT clients and proxies, and so on. A heap buffer over-read vulnerability exists in the MQTT packet parsing feature...

CVSS 9.1 | AI score 8.8 | EPSS 0.01835
Exploits: 1 | References: 1

Hacker One
added 2018/10/26 2:38 p.m. | 561 views

Chaturbate: Stored XSS in chat topic due to insecure emoticon parsing on any message type

Description: The functionality for adding emoticons into the chat from the server-side perspective is based on a string in the following format: %%%emoticon NAME|EMOTICONURL|WIDTH|HEIGHT|REPORTURL%%% The EMOTICONURL must conform to the following regex: javascript...

AI score 0.7
Exploits: 0

OSV
added 2018/09/02 6:29 p.m. | 1 view

CVE-2018-16338

An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 1

Github Security Blog
added 2018/08/31 6:22 a.m. | 27 views

Mosca REDoS Vulnerability

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacke...

CVSS 7.8 | AI score 7.2 | EPSS 0.03346
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2018/08/30 12:29 p.m. | 15 views

CVE-2018-11615

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacke...

CVSS 7.5 | AI score 7.5
Exploits: 0 | References: 1

Veracode
added 2018/06/06 2:30 a.m. | 30 views

Denial Of Service (DoS)

mosquitto is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to the lack of checks on invalid UTF-8 characters in the topic strings, causing a broker to disconnect when parsing invalid strings...

CVSS 5.3 | AI score 6.3 | EPSS 0.01454
Exploits: 0 | References: 6 | Affected Software: 2

NVD
added 2018/06/04 7:29 p.m. | 21 views

CVE-2017-16043

Shout is an IRC client. Because the /topic command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout =0.44.0 =0.49.3...

CVSS 6.1 | AI score 6.3 | EPSS 0.01015
Exploits: 0 | References: 2

Packet Storm
added 2018/05/14 12:0 a.m. | 18 views

GD bbPress 2.5 Cross Site Scripting

An authenticated user of a bbPress forum, who can attach a file, can inject arbitrary javascript code via filename. The arbitrary code runs both on the topic page and in the admin panel, and it only affects the administrators, moderators and the attacker. The variable $errorafilea in...

AI score 7.4
Exploits: 0

OSV
added 2018/04/18 8:29 a.m. | 13 views

CVE-2018-9990

In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead...

CVSS 6.1 | AI score 6.1
Exploits: 0 | References: 1

Prion
added 2018/04/18 8:29 a.m. | 13 views

Cross site scripting

In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead...

CVSS 4.3 | AI score 5.9 | EPSS 0.00829
Exploits: 0 | References: 1 | Affected Software: 1