Vulmon
rooms vulnerabilities and exploits
NA
CVE-2008-7047
NatterChat 1.1 allows remote malicious users to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp.
Natterchat Natterchat 1.1
1 EDB exploit
NA
CVE-2004-1549
The conference menu in ActivePost Standard 3.1 sends passwords of password-protected rooms in cleartext, which could allow remote malicious users to gain sensitive information by sniffing the network connection.
Onnuri Infotek Activepost Standard 3.1
NA
CVE-2009-4670
admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote malicious users to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter.
Beaussier Roomphplanning 1.6
1 EDB exploit
NA
CVE-2013-3977
The Meeting Server in IBM Sametime 8.x up to and including 8.5.2.1 and 9.x up to and including 9.0.0.1 allows remote malicious users to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.
Ibm Sametime 8.5.1.1
Ibm Sametime 8.5.2.0
Ibm Sametime 8.0.0.0
Ibm Sametime 8.5.1.0
Ibm Sametime 8.5.0.0
Ibm Sametime 9.0.0.1
Ibm Sametime 8.0.2.1
Ibm Sametime 8.0.2.0
Ibm Sametime 9.0.0.0
Ibm Sametime 8.5.2.1
Ibm Sametime 8.0.1.1
Ibm Sametime 8.0.1.0
7.5
CVSSv3
CVE-2018-10657
Matrix Synapse prior to 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.
Matrix Synapse
9.8
CVSSv3
CVE-2018-18800
The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.
Tubigan Welcome To Our Resort 1.0
1 EDB exploit
NA
CVE-2014-2024
Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 prior to 2.1.3 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/.
Openclassifieds Open Classifieds 2 2.0.4
Openclassifieds Open Classifieds 2 2.0.5
Openclassifieds Open Classifieds 2 2.0.2
Openclassifieds Open Classifieds 2 2.0.3
Openclassifieds Open Classifieds 2 2.1.1
Openclassifieds Open Classifieds 2
Openclassifieds Open Classifieds 2 2.0.6
Openclassifieds Open Classifieds 2 2.0.7
Openclassifieds Open Classifieds 2 2.0
Openclassifieds Open Classifieds 2 2.0.1
Openclassifieds Open Classifieds 2 2.0.8
Openclassifieds Open Classifieds 2 2.1
NA
CVE-2015-8601
The Chat Room module 7.x-2.x prior to 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote malicious users to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vecto...
Chat Room Project Chat Room 7.x-2.0
Chat Room Project Chat Room 7.x-2.1
8.8
CVSSv3
CVE-2022-36009
gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the `"events_default"` key of the `m.room.power_levels` even...
Matrix Dendrite
Matrix Gomatrixserverlib -
7.8
CVSSv3
CVE-2023-34120
Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients prior to 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privil...
Zoom Virtual Desktop Infrastructure