Lucene search

697 matches found

Hacker One · added 2020/07/01 9:43 a.m. · 160 views

SMTP2GO: Stored XSS at https://app.smtp2go.com/settings/users/

Vulnerability: A. Type: Stored Cross-Site Scripting. B. Description: Stored XSS, also known as persistent XSS, is more damaging than non-persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application and stored there. Summary: When you create a particular user...

AI score 6.5
Exploits: 0
Atlassian · added 2020/06/23 4:27 p.m. · 39 views

SSRF in Webhooks - CVE-2020-14170

Affected versions of Atlassian Bitbucket Server allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in Webhooks. When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource that...

CVSS 4.3 · AI score 5.7 · EPSS 0.00829
Exploits: 0 · Affected Software: 1
Atlassian · added 2020/06/23 4:27 p.m. · 46 views

SSRF in Webhooks - CVE-2020-14170

Affected versions of Atlassian Bitbucket Data Center allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in Webhooks. When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource...

CVSS 4.3 · AI score 4.6 · EPSS 0.00829
Exploits: 0
CNVD · added 2020/06/22 12:00 a.m. · 5 views

Unspecified Vulnerability in Mattermost Server (CNVD-2020-35445)

Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.5.0, 4.4.5, and 4.3.4; it stems from the program's failure to properly handle the...

CVSS 4.3 · AI score 6.7 · EPSS 0.00614
Exploits: 0 · References: 1
CNVD · added 2020/06/22 12:00 a.m. · 2 views

Mattermost Server Input Validation Error Vulnerability (CNVD-2020-48239)

Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.3.0, 4.2.1 and 4.1.2. The vulnerability can be exploited by an attacker to create fake system message posts with the help of...

CVSS 4.3 · AI score 6.8 · EPSS 0.00664
Exploits: 0 · References: 1
Prion · added 2020/06/19 7:15 p.m. · 20 views

SQL injection

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API...

CVSS 4 · AI score 4.8 · EPSS 0.00664
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist · added 2020/06/19 6:08 p.m. · 24 views

CVE-2017-18889

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API...

AI score 4.7 · EPSS 0.00664
Exploits: 0 · References: 1
CVE · added 2020/06/19 6:08 p.m. · 45 views

CVE-2017-18889

Summary: CVE-2017-18889 affects Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. An attacker can abuse the v3/v4 REST API via webhooks or slash commands to create fictive system-message posts. What’s affected: Mattermost Server (versions before 4.3.0, 4.2.1, and 4.1.2). The vulnerability is ex...

CVSS 4.3 · AI score 4.6 · EPSS 0.00664
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist · added 2020/06/19 4:47 p.m. · 24 views

CVE-2017-18870

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case...

AI score 4.7 · EPSS 0.00614
Exploits: 0 · References: 1
Hacker One · added 2020/03/13 5:07 p.m. · 42 views

HackerOne: Read-only team members can read all properties of webhooks

Description: A team member can view all properties of webhooks despite not needing them. Steps To Reproduce: 1. Have an admin of a program set up webhooks. 2. As a read-only team member, log in. 3. Run the following GraphQL query: query teamhandle: "security" name webhooks nodes id secret url 4. See th...

AI score 0.4
Exploits: 0
CNVD · added 2019/07/11 12:00 a.m. · 3 views

GitLab CE/EE server-side request forgery vulnerability (CNVD-2019-23579)

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository, accessible through a web interface for public and private projects. GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. A...

CVSS 7.7 · AI score 6.8 · EPSS 0.27983
Exploits: 5 · References: 1
NVD · added 2019/07/10 5:15 p.m. · 25 views

CVE-2018-19571

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks...

CVSS 7.7 · AI score 7.3 · EPSS 0.27983
Exploits: 5 · References: 4
OSV · added 2019/07/10 5:15 p.m. · 23 views

CVE-2018-19571

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks...

CVSS 7.7 · AI score 6.4
Exploits: 0 · References: 4
UbuntuCve · added 2019/07/10 5:15 p.m. · 34 views

CVE-2018-19571

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks...

CVSS 7.7 · AI score 7 · EPSS 0.27983
Exploits: 5 · References: 2
Cvelist · added 2019/07/10 4:01 p.m. · 28 views

CVE-2018-19571

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks...

AI score 7.3 · EPSS 0.27983
Exploits: 5 · References: 4
CVE · added 2019/07/10 4:01 p.m. · 120 views

CVE-2018-19571

GitLab CE/EE is affected by CVE-2018-19571 (SSRF in webhooks) affecting versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1. Connected documents show public exploit entries indicating this SSRF can lead to remote code execution in GitLab 11.4.7/11.4.x and authentic...

CVSS 7.7 · AI score 7.1 · EPSS 0.27983
Exploits: 5 · References: 4 · Affected Software: 1
Debian CVE · added 2019/07/10 4:01 p.m. · 24 views

CVE-2018-19571

Removed by vendor...

CVSS 7.7 · AI score 7.1 · EPSS 0.27983
Exploits: 5
Positive Technologies · added 2019/07/10 12:00 a.m. · 3 views

PT-2019-9854 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.18 up to 11.3.10; GitLab CE/EE versions 11.4 up to 11.4.7; GitLab CE/EE versions 11.5 up to 11.5.0. Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability in webhooks. This means an attacker...

CVSS 7.7 · AI score 7.4 · EPSS 0.27983
Exploits: 5 · References: 12
Kitploit · added 2019/06/25 10:10 p.m. · 236 views

Tourmaline - Telegram Bot Framework For Crystal

Telegram Bot (and hopefully soon Client API) framework for Crystal. Based heavily on Telegraf, this Crystal implementation allows your Telegram bot to be written in a language that's both beautiful and fast. Benchmarks coming soon. If you want to extend your bot by using NLP, see my other librar...

AI score 7.1
Exploits: 0 · References: 7
Hacker One · added 2019/03/12 2:32 p.m. · 521 views

Omise: SSRF in webhooks leads to AWS private keys disclosure

Vulnerability Summary: Omise makes use of Amazon AWS as their application environment. Due to a vulnerability in the way webhooks are implemented, an attacker can make arbitrary HTTP/HTTPS requests from the application server and read their responses. This is known as a server-side request forgery...

AI score 0.6
Exploits: 0