365 matches found
CVE-2013-7233
Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list...
UBUNTU-CVE-2013-7233
Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list...
'self' xss reported in a question's moderate
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-47423. We have received an external report of a dom xss in the moderation code for a question on answers.atlassian.com...
Wordpress W3 Total Cache PHP Code Execution Vulnerability
This Metasploit module exploits a PHP Code Injection vulnerability against Wordpress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows...
Child Porn on Indian Government websites
One of 'The Hacker News' readers informed us today about porn content on some Indian Government websites. After analyzing such websites, we came across more than 30 sub domains belonging to 'entegramam.gov.in', where 'entegramam' means "My village" and all sub domains of this website are names of...
CVE-2012-2325
SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-2716
Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments...
CVE-2012-2716
CVE-2012-2716 is a CSRF vulnerability in the Drupal Comment Moderation module (6.x-1.x) prior to 6.x-1.1. The issue stems from insufficient protection of the publish link URL, allowing remote attackers to perform actions as an administrative user to publish comments. Vulnerable component: Comment...
SA-CONTRIB-2012-087 - Comment Moderation - Cross Site Request Forgery
This module enables you to moderate comments in an accelerated way, by providing a complete interface and all useful actions in a unique page. The module doesn't sufficiently protect the publish link URL, thus a Cross Site Request Forgery (CSRF) attack against an administrator could result in...
Social game Zynga's YoVille gets hacked
Matt Spencer has been an active player of "YoVille" since the Zynga-owned virtual world launched in 2008, but hasn't played the game in about three weeks. He posted a complaint on the gaming company's forum that in late January, Spencer's "YoVille" account wa...
BBC: Pastebin to Police Hacker-Posts
Pastebin.com could soon find itself on the wrong side of some of its most reliable traffic generators, namely, Anonymous, what’s left of LulzSec, and other hackers now that the site’s owner, Jeroen Vader, said he plans on hiring more staff to patrol the text-sharing site for “sensitive...
SA-CONTRIB-2012-009 - Revisioning - Access bypass
CVE: CVE-2012-1635. This module enables you to create moderation publication workflows, allowing authors to create content that isn't visible to the public until it has been approved by a moderator/publisher. The module's implementation of hook_node_access assumes that access is to granted/denied...
Simple Machines Forum 2.0 Session Hijacking
Simple Machines forum (SMF) 2.0 session hijacking. Found by The X-C3LL and seth. http://0verl0ad.blogspot.com/ || http://xd-blog.com.ar/ 2011-08-06. Website: http://www.simplemachines.org/ Greets: yoyahack, eddyw, www.portalhacker.net. SMF stops csrf attacks sending a session token in all the requests...
Simple Machines Forum (SMF) 2.0 - Session Hijacking
Simple Machines forum (SMF) 2.0 session hijacking. Found by The X-C3LL and seth. http://0verl0ad.blogspot.com/ || http://xd-blog.com.ar/ 2011-08-06. Website: http://www.simplemachines.org/ Greets: yoyahack, eddyw, www.portalhacker.net. SMF stops csrf...
Simple Machines forum (SMF) 2.0 session hijacking
Exploit for php platform in category web applications. Simple Machines forum (SMF) 2.0 session hijacking. Found by The X-C3LL and seth. http://0verl0ad.blogspot.com/ || http://xd-blog.com.ar/ 2011-08-06. Website: http://www.simplemachines.org/ Greets: yoyahack, eddyw, www.portalhacker.net. SMF stops csr...
Simple Machines Forum XSS / XSRF / PHP Execution
This is the first batch of vulnerabilities found by the SimpleAudit team from elhacker.net http://labs.elhacker.net/simpleaudit Our goal is to evaluate the security of SMF 2.0 before using it on our own server, and we have found several security vulnerabilities. The vulnerabilities that also appl...