VYPR
Vendor

balloonwj

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2020-35245CriDec 26, 2020
    risk 0.64cvss 9.8epss 0.01

    Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser.

  • CVE-2020-35244CriDec 26, 2020
    risk 0.64cvss 9.8epss 0.01

    Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup.

  • CVE-2020-35242CriDec 26, 2020
    risk 0.64cvss 9.8epss 0.01

    Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory.

  • CVE-2020-35284HigDec 26, 2020
    risk 0.49cvss 7.5epss 0.02

    Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined…

VYPR — Vulnerability Intelligence