697 matches found
SMTP2GO: Stored XSS at https://app.smtp2go.com/settings/users/
Vulnerability : A. Type:- Cross Site Scripting Stored B. Description:- Stored XSS, also known as persistent XSS, is the more damaging than non-persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Summary : When you will create a particular user...
SSRF in Webhooks - CVE-2020-14170
Affected versions of Atlassian Bitbucket Server allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery SSRF vulnerability in Webhooks. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that...
SSRF in Webhooks - CVE-2020-14170
Affected versions of Atlassian Bitbucket Data Center allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery SSRF vulnerability in Webhooks. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-35445)
Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 4.5.0, prior to 4.4.5, and prior to 4.3.4, which stems from a failure of the program to properly handle the...
Mattermost Server Input Validation Error Vulnerability (CNVD-2020-48239)
Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 4.3.0, 4.2.1 and 4.1.2. The vulnerability can be exploited by an attacker to create fake system message posts with the help of...
Sql injection
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API...
CVE-2017-18889
Summary: CVE-2017-18889 affects Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. An attacker can abuse the v3/v4 REST API via webhooks or slash commands to create fictive system-message posts. What’s affected: Mattermost Server (versions before 4.3.0, 4.2.1, and 4.1.2). The vulnerability is ex...
CVE-2017-18889
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API...
CVE-2017-18870
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case...
HackerOne: Read-only team members can read all properties of webhooks
Description: A team member can view all properties of webhooks despite not needing them. Steps To Reproduce 1. Have an admin of a program setup webhooks 2. As a team member read-onlylog in 3. Run the following graphql query: query teamhandle: "security" name webhooks nodes id secret url 4. See th...
GitLab CE/EE server-side request forgery vulnerability (CNVD-2019-23579)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects.GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. A...
CVE-2018-19571
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks...
CVE-2018-19571
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks...
CVE-2018-19571
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks...
CVE-2018-19571
Removed by vendor...
CVE-2018-19571
GitLab CE/EE is affected by CVE-2018-19571 (SSRF in webhooks) affecting versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1. Connected documents show public exploit entries indicating this SSRF can lead to remote code execution in GitLab 11.4.7/11.4.x and authentic...
CVE-2018-19571
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks...
PT-2019-9854 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.18 up to 11.3.10 GitLab CE/EE versions 11.4 up to 11.4.7 GitLab CE/EE versions 11.5 up to 11.5.0 Description: The issue is related to a Server-Side Request Forgery SSRF vulnerability in webhooks. This means an attacker...
Tourmaline - Telegram Bot Framework For Crystal
Telegram Bot and hopefully soon Client API framework for Crystal. Based heavily off of Telegraf this Crystal implementation allows your Telegram bot to be written in a language that's both beautiful and fast. Benchmarks coming soon. If you want to extend your bot by using NLP, see my other librar...
Omise: SSRF in webhooks leads to AWS private keys disclosure
Vulnerability Summary Omise makes use of Amazon AWS as their application environment. Due to a vulnerability in the way webhooks are implemented, an attacker can make arbitrary HTTP/HTTPS requests from the application server and read their responses. This is known as a server-side request forgery...