365 matches found
DRUPAL-CONTRIB-2018-067
The Workbench Moderation module adds arbitrary moderation states to Drupal core's "unpublished" and "published" node states, and affects the behavior of node revisions when nodes are published. In some conditions, content moderation fails to check a user's access to use certain transitions, leadin...
Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006
Content moderation - Moderately critical - Access bypass - Drupal 8. In some conditions, content moderation fails to check a user's access to use certain transitions, leading to an access bypass. In order to fix this issue, the following changes have been made to content moderation which may have...
Workbench Moderation - Moderately critical - Access bypass - SA-CONTRIB-2018-067
The Workbench Moderation module adds arbitrary moderation states to Drupal core's "unpublished" and "published" node states, and affects the behavior of node revisions when nodes are published. In some conditions, content moderation fails to check a user's access to use certain transitions, leadin...
CVE-2018-11502
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF...
A week in security (June 25 – July 1)
Last week on Labs, we looked at comment moderation duties, Viagra spam on a news-making restaurant's website, and how to manage your child's online presence for Internet safety month. We also looked at a set of big breaches and leaks, as well as malware threats with a World Cup vibe. Other news...
Did my comment on your blog get lost?
If you ever feel bad about your job because of mindless tasks you must perform day after day, or if you're bothered by the fact that your chosen work pays crap, produces nothing useful, and helps no one: have a look at blog comment spammers and breathe a sigh of relief. They make almost any job...
CVE-2018-11430
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea...
mybb -- multiple vulnerabilities
myBB Team reports: High risk: Installer RCE on configuration file write; High risk: Language file headers RCE; Medium risk: Installer XSS; Medium risk: Mod CP Edit Profile XSS; Low risk: Insufficient moderator permission check in delayed moderation tools; Low risk: Announcements HTML filter bypass; Low...
Watch Workers Learn How to Filter Obscene and Violent Photos From Dating Sites
Directors Adrian Chen and Ciaran Cassidy give WIRED a first look at their disturbing short documentary on content moderation.
Scheduler Workbench Integration - Critical - Unsupported - SA-CONTRIB-2017-39
Updates 20170414 - A new module maintainer has been found and a new release for this module has been published. Provides integration between the Scheduler module and the Workbench Moderation module. The security team is marking this module unsupported. There is a known security issue with the...
CVE-2016-9402
SQL injection vulnerability in the moderation tool in MyBB aka MyBulletinBoard before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in the moderation tool in MyBB aka MyBulletinBoard before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
Drupal Workbench Moderation Module Information Disclosure Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. The Workbench Moderation module enables you to customize the editorial workflow in your website. An information disclosure vulnerability exists in the Drupal Workbench Moderation module...
Workbench Moderation - Moderately Critical - Information Disclosure - SA-CONTRIB-2016-060
This module enables you to create and manage custom editorial workflows around a site's content. The module could result in unpublished content being temporarily made visible via content lists, e.g. as generated by Views, when its editorial status was being changed, e.g. from "draft" to "needs...
RHEL 6 : Virtualization Manager (RHSA-2016:1929)
An update for org.ovirt.engine-root is now available for RHEV Manager version 3.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
vBulletin forumrunner/includes/moderation.php SQL Injection Vulnerability
vBulletin is a powerful, flexible and fully customizable suite of forum programs. A SQL injection vulnerability exists in the forumrunner/includes/moderation.php file in versions of vBulletin prior to 4.2.2 Patch Level 5 and prior to 4.2.3 Patch Level 1. A remote attacker can exploit this...
OLX: stored XSS in olx.pl - ogloszenie TITLE element - moderator acc can be hacked
Hello, The OLX.PL is vulnerable to a stored XSS attack. When adding a new advertisement, it is possible to put a payload in its title (here I used Titlealert1). I see ads are being pre-moderated; however, it can remain uncaught. Also, the length limit in the title field is enough to insert into it e.g. a BeEF...
contact-moderation.com XSS vulnerability
Vulnerable URL: http://www.contact-moderation.com/clients/all/abuse.asp?origine=LMid=blog-2698361%22%3E%3Csvg%20onload=alert%28/XSSPOSED/%29%3E=FR
Details:
Description | Value
---|---
Patched: | No
Latest check for patch: | 25.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclose...