Facebook bug changed 14 million users' default privacy settings to public
Facebook admits that as many as 14 million of its users who thought they were sharing content privately with only friends may have inadvertently shared their posts with everyone because of a software bug. Facebook said in front of Congress in March over the Cambridge Analytica scandal that "every piece...
WordPress MULTIDOTS Mass Pages/Posts Creator Plugin Denial of Service Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; it lets users set up a personal blog site on a server that supports PHP and MySQL. The MULTIDOTS Mass Pages/Posts Creator plugin is a bulk page creation plugin. A security vulnerability...
WordPress Mass Pages/Posts Creator plugin <= 1.2.2 - Stored Cross-Site scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability found by ThreatPress Research Team in WordPress Mass Pages/Posts Creator plugin versions <= 1.2.2. Solution: 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...
CVE-2018-11580
An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site a...
Design/Logic Flaw
An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site a...
MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting
Exploit Title: MyBB ChangUonDyU Advanced Statistics Plugin v1.0.2 - Cross-Site Scripting Date: 5/25/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1125 Version: 1.0.2 Tested on: Ubuntu 18.04 CVE: CVE-2018-11532 1...
UBUNTU-CVE-2018-1135
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL...
CVE-2018-1135
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL...
WordPress 4.7.x < 4.7.2 REST API 'id' Parameter Privilege Escalation
The WordPress application running on the remote web server is version 4.7.x prior to 4.7.2. It is, therefore, affected by a privilege escalation vulnerability in the REST API due to a failure to properly sanitize user-supplied input to the 'id' parameter when editing or deleting blog posts. An...
MyBB Latest Posts on Profile plugin cross-site scripting vulnerability
MyBB (aka MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. Latest Posts on Profile is one of its profile plugins. A cross-site scripting vulnerability exists in version 1.1 of the MyBB Latest Posts on Profile plugin, which stems fro...
CVE-2018-10580
The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject aka thread subject field...
MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting
Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting Date: 4/20/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=914...
MyBB Latest Posts On Profile 1.1 Cross Site Scripting
Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting Date: 4/20/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=914 Version: 1.1 Tested on: Ubuntu 17.10 CVE: CVE-2018-10580 1...
MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=914 Version: 1.1 Tested on: Ubuntu...
CVE-2018-5758
creationtimestamp | type | source
---|---|---
2018-03-10 11:23:06+00:00 | published-proof-of-concept | https://t.me/canyoupwnme/3408
2018-03-10 15:10:00+00:00 | published-proof-of-concept | https://t.me/thebugbountyhunter/1158
2024-06-22 09:28:36+00:00 | published-proof-of-concept | ...
CVE-2017-18195
An issue was discovered in tools/conversations/viewajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/viewajax with incremental 'cnvID' integers...
Deserialization of untrusted data
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page...
CVE-2018-7198
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page...
CVE-2018-7198
CVE-2018-7198 affects October CMS up to version 1.0.431, specifically the RainLab Blog Plugin. It enables stored XSS by entering HTML on the Add Posts page, allowing a malicious payload to be stored and subsequently executed. The issue is documented across multiple sources (GHSA/OSV and exploit r...