jesus-christ-forums.com Cross Site Scripting vulnerability OBB-3522475

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

ImpressCMS Cross-Site Scripting Vulnerability (CNVD-2023-59104)

ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums and photo albums. A cross-site scripting vulnerability exists in ImpressCMS v1.4.5 and earlier versions, which stems from the lack of effective filtering and escaping of...

Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets

In yet another sign of a lucrative crimeware-as-a-service CaaS ecosystem, cybersecurity researchers have discovered a new Windows-based information stealer called Meduza Stealer that's actively being developed by its author to evade detection by software solutions. "The Meduza Stealer has a...

CVE-2023-33981

Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one...

CVE-2023-33981

Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one...

Briar 安全漏洞

Briar is an open source software communication technology from Briar Open Source. It is designed to provide secure and resilient peer-to-peer communications that operate without a central server and minimize external dependencies. A security vulnerability exists in versions of Briar prior to 1.4....

PT-2023-24615 · Briar · Briar

Name of the Vulnerable Software and Affected Versions: Briar versions prior to 1.4.22 Description: The issue allows attackers to spoof other users' messages in a blog, forum, or private group. However, each spoofed message would need to be an exact duplicate of a legitimate message displayed...

CVE-2023-33981

Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one...

railforums.co.uk Cross Site Scripting vulnerability OBB-3333326

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2022-25091

Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature...

Design/Logic Flaw

Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature...

CVE-2022-25091

Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature...

Infopop Ultimate Bulletin Board 安全漏洞

Infopop Ultimate Bulletin Board is a web forum system from Infopop, Inc. A security vulnerability exists in Infopop Ultimate Bulletin Board version 5.47a and prior versions, which originated from a vulnerability that allows unauthenticated users to view messages in private forums by referring to...

CVE-2022-25091

Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature...

New All-in-One "EvilExtractor" Stealer for Windows Systems Surfaces on the Dark Web

A new "all-in-one" stealer malware named EvilExtractor also spelled Evil Extractor is being marketed for sale for other threat actors to steal data and files from Windows systems. "It includes several modules that all work via an FTP service," Fortinet FortiGuard Labs researcher Cara Lin said. "I...

Threat Source newsletter (April 13, 2023) — Dark web forum whac-a-mole

Welcome to this weeks edition of the Threat Source newsletter. Law enforcement organizations across the globe notched a series of wins over the past few weeks against online forums for cybercriminals. On March 23, the FBI announced it disrupted the online cybercriminal marketplace BreachForums,...

Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities

The developer of the Typhon Reborn information stealer released version 2 V2 in January, which included significant updates to its codebase and improved capabilities. Most notably, the new version features additional anti-analysis and anti-virtual machine VM capabilities to evade detection and ma...

myBB forums 1.8.26 Cross Site Scripting

Exploit Title: myBB forums 1.8.26 - Stored Cross-Site Scripting XSS Exploit Author: Andrey Stoykov Software Link: https://mybb.com/versions/1.8.26/ Version: 1.8.26 Tested on: Ubuntu 20.04 Stored XSS 1: To reproduce do the following: 1. Login as administrator user 2. Browse to "Templates and Style...

myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS)

Exploit Title: myBB forums 1.8.26 - Stored Cross-Site Scripting XSS Exploit Author: Andrey Stoykov Software Link: https://mybb.com/versions/1.8.26/ Version: 1.8.26 Tested on: Ubuntu 20.04 Stored XSS 1: To reproduce do the following: 1. Login as administrator user 2. Browse to "Templates and Style...

20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison

Conor Brian Fitzpatrick, the 20-year-old founder and the administrator of the now-defunct BreachForums has been formally charged in the U.S. with conspiracy to commit access device fraud. If proven guilty, Fitzpatrick, who went by the online moniker "pompompurin," faces a maximum penalty of up to...