Vulmon
rooms vulnerabilities and exploits
9.8
CVSSv3
CVE-2018-18800
The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.
Tubigan Welcome To Our Resort 1.0
1 EDB exploit
NA
CVE-2014-2024
Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 prior to 2.1.3 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/.
Openclassifieds Open Classifieds 2 2.0.2
Openclassifieds Open Classifieds 2 2.0.7
Openclassifieds Open Classifieds 2 2.0.8
Openclassifieds Open Classifieds 2 2.0
Openclassifieds Open Classifieds 2 2.0.4
Openclassifieds Open Classifieds 2 2.0.1
Openclassifieds Open Classifieds 2 2.1
Openclassifieds Open Classifieds 2 2.0.3
Openclassifieds Open Classifieds 2
Openclassifieds Open Classifieds 2 2.1.1
Openclassifieds Open Classifieds 2 2.0.5
Openclassifieds Open Classifieds 2 2.0.6
1 Github repository
NA
CVE-2015-8601
The Chat Room module 7.x-2.x prior to 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote malicious users to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vecto...
Chat Room Project Chat Room 7.x-2.1
Chat Room Project Chat Room 7.x-2.0
8.8
CVSSv3
CVE-2022-36009
gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the `"events_default"` key of the `m.room.power_levels` even...
Matrix Dendrite
Matrix Gomatrixserverlib -
7.8
CVSSv3
CVE-2023-34120
Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients prior to 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privil...
Zoom Virtual Desktop Infrastructure
NA
CVE-2022-23055
In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the administrator. The attacker c...
Frappe Erpnext 11.0.3
Frappe Erpnext
5.4
CVSSv3
CVE-2023-3309
A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file ?page=rooms of the component Manage Room Page. The manipulation of the argument Cottage Number leads to cros...
Resort Reservation System Project Resort Reservation System 1.0
7.5
CVSSv3
CVE-2021-39215
Jitsi Meet is an open source video conferencing application. In versions before 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected ro...
8x8 Jitsi Meet 2.0.5963
8.8
CVSSv3
CVE-2022-29166
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows a malicious user to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-...
Matrix Matrix Irc Bridge
4.3
CVSSv3
CVE-2022-29233
BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but prior to 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of int...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton