CVE-2019-20888
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration...
CVE-2019-20863
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted...
CVE-2019-20863
CVE-2019-20863 affects Mattermost Server prior to 5.13.0, where incoming webhook creation is not properly restricted. This is a usability/authorization flaw in webhook provisioning that could enable misconfiguration or abuse by an attacker with access to create webhooks. The available documents c...
CVE-2020-14447
An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021...
Denial of service
An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021...
PT-2020-14007 · Mattermost · Mattermost Server
Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 5.23.0 Description: An issue allows attackers to cause a denial of service (infinite loop) by sending large webhook requests. Recommendations: For versions prior to 5.23.0, update to version 5.23.0 or later t...
Citrix XenMobile Server 10.8 - XML External Entity Injection
Citrix XenMobile Server 10.8 - XML External Entity Injection Exploit Title: Citrix XenMobile Server 10.8 - XML External Entity Injection Google Dork: inurl:zdm logon Date: 2019-11-28 Exploit Author: Jonas Lejon Vendor Homepage: https://www.citrix.com Software Link: Version: XenMobile Server 10.8...
Citrix XenMobile Server 10.8 XML Injection
Exploit Title: Citrix XenMobile Server 10.8 - XML External Entity Injection Google Dork: inurl:zdm logon Date: 2019-11-28 Exploit Author: Jonas Lejon Vendor Homepage: https://www.citrix.com Software Link: Version: XenMobile Server 10.8 before RP2 and 10.7 before RP3 Tested on: XenMobile CVE :...
CVE-2019-10459
Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10459
CVE-2019-10459 affects Jenkins Mattermost Notification Plugin ≤ 2.7.0. The vulnerability stems from webhook URLs containing a secret token being stored unencrypted in the plugin’s global configuration and in job config.xml on the Jenkins master, enabling disclosure by users with Extended Read per...
PT-2019-11853 · Jenkins · Jenkins Mattermost Notification Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mattermost Notification Plugin versions 2.7.0 and earlier Description: The issue allows stored webhook URLs containing a secret token to be viewed unencrypted in the global configuration file and job config.xml files on the Jenkins...
CVE-2017-15138
An improper authorization flaw in the atomic-openshift component of Openshift Container Platform 3.7 and earlier allows a user with cluster-reader project viewer permissions to trigger an application build. An attacker could use this flaw to trigger a build of an application when that should be...
aero.champ:cargojson (=1.0), ai.active:webhook-sdk (>=1.0.0 <=1.0.4) +30799 more potentially affected by CVE-2019-14439 via com.fasterxml.jackson.core:jackson-databind (>=2.9.0 <=2.9.9.1)
com.fasterxml.jackson.core:jackson-databind MAVEN version =2.9.0, =1.0.0, =4.4.0.0, =local, =0.0.6, =0.0.1, =0.0.1, =0.0.6, =0.0.1, =0.0.1, =0.0.6, =0.0.1, =0.1.2, =0.1.7 - ai.genauth:genauth-java-sdk =3.1.11 - ai.grakn.kgms:client =1.4.3 and more Source cves: CVE-2019-14439 Source advisory:...
Rock-ON - An All In One Recon Tool That Will Just Get A Single Entry Of The Domain Name And Do All Of The Work Alone
Rock-On is an all-in-one recon tool that will help give your recon process a boost. It is mainly aimed at automating the whole process of recon and saving the time that is wasted doing all this stuff manually. A thorough blog will be up in some time. Stay tuned for the Stable version with a...
aero.champ:cargojson (=1.0), ai.active:webhook-sdk (>=1.0.0 <=1.0.4) +30538 more potentially affected by CVE-2019-12384 via com.fasterxml.jackson.core:jackson-databind (>=2.9.0 <=2.9.9)
com.fasterxml.jackson.core:jackson-databind MAVEN version =2.9.0, =1.0.0, =4.4.0.0, =local, =0.0.6, =0.0.1, =0.0.1, =0.0.6, =0.0.1, =0.0.1, =0.0.6, =0.0.1, =0.1.2, =0.1.7 - ai.genauth:genauth-java-sdk =3.1.11 - ai.grakn.kgms:client =1.4.3 and more Source cves: CVE-2019-12384 Source advisory:...
Atlassian JIRA < 7.6.7 / 7.7.x < 7.11.0 Information Disclosure
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by an information disclosure vulnerability due to webhook events being sent improperly due to issues in the related JQL filter.