Hackers Flood Reddit With Pro-Trump Takeovers
By apparently compromising moderator accounts, the attackers were able to post MAGA materials all over at least 70 popular subreddits...
Information Disclosure
nodebb is vulnerable to information disclosure. The topics that have been deleted are hidden for moderators but not for an administrator...
MyBB Bans List 1.0 Cross Site Scripting
Exploit Title: MyBB Bans List - Cross Site Scripting Date: 7/25/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=423 Version: 1.0 Tested on: Ubuntu 18.04 CVE: CVE-2018-14724 1. Description: Adds bans.php page, showing a li...
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting Exploit Title: MyBB OUGC Awards Plugin v1.8.3 - Cross-Site Scripting Date: 12/31/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=396 Version: 1.8.3 Tested on...
GD bbPress Attachments <= 2.5 - Authenticated Stored XSS
An authenticated user of a bbPress forum, who can attach a file, can inject arbitrary JavaScript code via the image filename. The arbitrary code runs both on the topic page and in the admin panel, and it only affects the administrators, moderators and the attacker. The variable $error‘file’ in...
GD bbPress 2.5 Cross Site Scripting
An authenticated user of a bbPress forum, who can attach a file, can inject arbitrary JavaScript code via filename. The arbitrary code runs both on the topic page and in the admin panel, and it only affects the administrators, moderators and the attacker. The variable $error‘file’ in...
Dimofinf 3.0.0 SQL Injection Vulnerability
Dimofinf version 3.0.0 cookie SQL injection exploit. Dimofinf CMS Automatic Cookie SQL Injection exploit Google Dork: intext:"Powered by Dimofinf" Date: 19/11/2015 Author: D35m0nd142 Software link: http://www.dimofinf.net Version: 3.0.0 Tested on: Dimofinf version 3.0.0 Sometimes it happens that...
"4chan Hacked", Most Popular Image-Bulletin Board Compromised
The founder of 4chan, Christopher Poole, aka “moot”, confirmed a few hours ago in a blog post that the popular image-based bulletin board was hacked. The attacker gained access to the administrative functions and successfully hacked into one of 4chan’s databases by exploiting a website's softwar...
Underground Marketplace 'Utopia' Seized by Dutch Police, 5 suspects arrested
After Silk Road, another underground online marketplace 'Utopia' has been seized by Dutch National Police, where users could buy illegal drugs and guns for home delivery. The police started their investigation under Codename 'Operation Commodore' in 2013, and finally seized Utopia's Germany-based...
Elastix Voip system 2.x , Php code injection / Data dump Exploit
Elastix is a famous Asterisk VoIP system interface distribution. It is vulnerable to PHP code injection, which can be used to dump all data, including: - SIP Extension Data - Plain text admin password - Moderators passwords - All trunks data - shell upload Usage Info just add the ip list to "list.txt"...
Flynax General Classifieds v4.0 CMS Multiple Vulnerabilities
Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities Details: ======== 1.1 A SQL Injection vulnerability is detected in the Flynax General Classifieds v4.0 Content Management System. Remote attackers without privileged user accounts can execute/inject own sql commands to compromise the...
Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities
Document Title: =============== Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=659 Release Date: ============= 2012-07-12 Vulnerability Laboratory ID VL-ID:...
Seditio SF Quick Ban 1.0 Cross Site Request Forgery
================================================================ Vulnerable Software: SF - Quick Ban sfquickban version 1.0 is Plugin for Seditio CMS. http://www.seditioforge.com/plugins/administration/sf-quick-ban-i65.html http://www.seditioforge.com/page.php?id=65&a=dl MD5 SUM:...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are obtaine...
CVE-2011-4173
Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are obtaine...
Invision Power Board 2.3.6/3.0.4 - Local File Inclusion / SQL Injection
============================================= - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- Invision Power Board = 3.0.4 Local PHP File Inclusion and SQL Injection Invision Power Board = 2.3.6 SQL Injection II. BACKGROUND...
CVE-2008-7082
MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the...
MyBB 1.4.3 my_post_key Disclosure Vulnerability
MyBB 1.4.3 my_post_key Disclosure Vulnerability by NBBN http://nbbnsblog.co.cc Vendor: http://mybboard.net Date: November 25, 2008 These URLs contain "my_post_key". Moderators and admins use these sometimes, depending on what they want to do with a thread. my_post_key is used to perform various action...
mybb-disclose.txt
MyBB 1.4.3 my_post_key Disclosure Vulnerability by NBBN http://nbbnsblog.co.cc Vendor: http://mybboard.net Date: November 25, 2008 These URLs contain "my_post_key". Moderators and admins use these sometimes, depending on what they want to do with a thread. my_post_key is used to perform various action...