28 matches found
EUVD-2005-2086
Malware in sbrugna...
Stable Channel Update for Desktop
The Stable channel has been updated to 121.0.6167.160 for Mac and Linux and 121.0.6167.160/161 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Security Fixes and Rewards Note: Access to bug details and links may be kept...
GHSA-XMGG-FX9P-PRQ6 NodeBB account takeover via SSO plugins
This is a historical security advisory, pertaining to a vulnerability that was reported, patched, and published in 2021. It is listed here for completeness and for CVE tracking purposes. Impact Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the...
Stable Channel Update for Desktop
The Stable channel has been updated to 103.0.5060.134 for Windows, Mac and Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by...
CISA Urges Sites to Patch Critical RCE in Discourse
Discourse – the ultra-popular, widely deployed open-source community forum and mailing list management platform – has a critical remote code-execution (RCE) bug that was fixed in an urgent update on Friday. Tracked as CVE-2021-41163, the flaw is found in Discourse versions 2.7.8 and earlier. It’s...
Meet the new project experience for SonarCloud
We are very pleased to announce that we have released a new project experience. It’s now available in SonarCloud for all users. You’ll notice a few improvements the next time you open SonarCloud. We’re going to tell you more about what this makeover is about in this article. You may be wondering...
vulhub
This repository is an offensive tool for building vulnerable environments based on Docker-Compose. It contains a collection of vulnerable applications and services, including CouchDB, FFmpeg, Git, and Jenkins, among others. The repository is maintained by phith0n and is licensed under the MIT...
My Book Live Users Wake Up to Wiped Devices
If you haven’t already, stop reading and go yank your My Book Live storage device offline, lest you join the ranks of those who woke up on Thursday to find that years of data had been wiped clean on devices around the world. Western Digital’s My Book storage device is designed for consumers and...
Android Security Bulletin—October 2020
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-10-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
Discuz! ML arbitrary code execution vulnerability alert
On July 11, 2019, a PoC for a Discuz! ML remote code execution vulnerability appeared online. After verification and analysis, Sangfor security researchers found that an attacker can use the language parameter in the cookie field of the request to insert arbitrar...
Paypal Inc BB #32 - Multiple Persistent Vulnerabilities
Document Title: Paypal Inc BB 32 - Multiple Persistent Vulnerabilities; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=716; Release Date: 2014-09-22; Vulnerability Laboratory ID (VL-ID): 716...
ULoki Community Forum 2.1 - (usercp.php) XSS Vulnerability
No description provided by source. Exploit Title: ULoki Community Forum v2.1 usercp.php Cross Site Scripting; Date: 10/02/2010; Author: Sioma Labs; Software Link: http://www.uloki.com/download/ulokiforum06may2009.zip; Version: v2.1; Tested on: Windows SP 2 / WAMP; CVE: ; Code: ...
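Discuz! X2.5 api.php information disclosure vulnerability
Discuz! is a general-purpose community forum software system from China. In the api.php file of Discuz! X2.5, the first argument of array_key_exists can only be an integer or a string; when ?mod=ks, $mod is of type array, which causes array_key_exists to produce an error message. 0 Discuz! X2.5...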
Paypal Bug Bounty #31 - Mail Encoding Web Vulnerability
Document Title: Paypal Bug Bounty 31 - Mail Encoding Web Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=706; PayPal Security UID: erc849qoz; Release Date: 2013-04-03; Vulnerability Laboratory ID (VL-ID):...
PayPal Cross Site Scripting
Title: PayPal Bug Bounty 26 - Persistent Web Vulnerabilities; Date: 2013-01-26; References: http://www.vulnerability-lab.com/getcontent.php?id=703; PayPal UID: wam19c8kxn; VL-ID: 703; Common Vulnerability Scoring System: 4.5...
PayPal Bug Bounty #26 - Persistent Web Vulnerabilities
Document Title: PayPal Bug Bounty 26 - Persistent Web Vulnerabilities; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=703; PayPal UID: wam19c8kxn; Release Date: 2013-01-25; Vulnerability Laboratory ID (VL-ID):...
PayPal Community Forum Cross Site Scripting
Title: Paypal Bug Bounty 27 - Community Web Vulnerability; Date: 2012-11-24; References: http://www.vulnerability-lab.com/getcontent.php?id=704; VL-ID: 704; Common Vulnerability Scoring System: 2.1; Introduction: PayPal ...
Cisco Pulls Back on Routers' 'Supplemental Privacy Policy'
Cisco appears to have retracted a controversial addition to its privacy policy that allowed the company to track data, including complete Internet histories, for users of its Linksys E2700, E3500 and E4500 routers. The policy revisions were part of an automatic firmware update that outraged users...