1097 matches found
MyBB Active Threads 1.3.0 Cross Site Scripting
Exploit Title: MyBB Active Threads Plugin 1.3.0 – Cross-Site Scripting Date: February 9, 2022 Author: 0xB9 Twitter: @0xB9sec Software Link: https://community.mybb.com/mods.php?action=view&pid=1336 Version: 1.3.0 Tested On: Windows 10 CVE: CVE-2022-28354 Description: This plugin shows a page of...
Debian: Security Advisory (DLA-322-1)
The remote host is missing an update for the Debian...
Discourse Information Disclosure Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as communities, email, and chat rooms. An information disclosure vulnerability exists in Discourse discourse-yearly-review, which stems from the fact that users appearing in yearly review threads are...
Web applications and Project Loom
Introduction Project Loom aims to bring "easy-to-use, high-throughput, lightweight concurrency" to the JRE. One feature introduced by Project Loom is virtual threads. In this blog post, we'll be exploring what virtual threads mean for web applications using some simple web applications deployed o...
K05940857: Apache Tomcat vulnerabilities CVE-2017-5650 and CVE-2017-5651
Security Advisory Description CVE-2017-5650 In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOWUPDATE before allowing the application to...
Target device cannot access VDisk and boot, Event ID 11 seen on Provisioning server
Some or all target devices cannot access the VDisk at boot - the device will get a boot file but be unable to go further. On the PVS servers: Event ID 11 from StreamProcess.exe is seen with the error detail: Detected one or more hung threads...
SUSE CVE-2005-3847
The handlestopsignal function in signal.c in Linux kernel 2.6.11 up to other versions before 2.6.13 and 2.6.12.6 allows local users to cause a denial of service deadlock by sending a SIGKILL to a real-time threaded process while it is performing a core dump...
SUSE CVE-2007-5794
Race condition in nssldap, when used in applications that are linked against the pthread library and fork after a call to nssldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong...
SUSE CVE-2022-31623
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/dscompress.cc, when an error occurs i.e., going to the err label while executing the method createworkerthreads, the held lock thd-ctrlmutex is not released correctly, which allows local users to trigger a denial ...
Discourse Access Control Error Vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse suffers from an access control error vulnerability, which can be exploited by an attacker to create new threads as any user with embeddable comments...
dotCMS Security Vulnerability
dotCMS is a content management system (CMS) from dotCMS, a company based in the United States. The system supports modules such as RSS feeds, blogs, and forums, and is easy to extend and build. A security vulnerability exists in dotCMS version 5.x-22.06, which stems from the ability to call TempResource multiple times...
The vulnerability of the worker_threads module in the Node.js software platform, related to incorrect input validation, allows a malicious actor to trigger a service failure.
The vulnerability of the worker_threads module in the Node.js software platform is related to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
stalld bug fix and enhancement update
An update is available for stalld. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The stalld package provides a mechanism used to prevent the starvation of...
PT-2023-1174 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js (affected versions not specified). Description: The issue is related to incorrect input validation in the worker threads module of the Node.js platform. This can potentially allow an attacker to cause a denial of service. Recommendations...
stalld bug fix and enhancement update
An update for stalld is now available for Rocky Linux 8.6 Extended Update Support. The stalld package provides a mechanism used to prevent the starvation of operating system threads in a Linux system. Bug fixes and Enhancements:...
CVE-2019-25093
A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads ...
CVE-2019-25093
The CVE-2019-25093 entry describes a cross-site scripting vulnerability in dragonexpert’s Recent Threads on Index component. Affected is the function recentthread_list_threads in inc/plugins/recentthreads/hooks.php, where manipulating the argument recentthread_forumskip enables XSS. The issue rep...
CVE-2019-25093 dragonexpert Recent Threads on Index Setting hooks.php recentthread_list_threads cross site scripting
A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads ...
PT-2023-11351 · Unknown · Dragonexpert
Name of the Vulnerable Software and Affected Versions: dragonexpert Recent Threads on Index (affected versions not specified). Description: A problematic vulnerability was found in the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler...