1491 matches found
CVE-2019-8279
Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum...
Web Wiz Forums 12.01 Database Disclosure
Exploit Title: Web Wiz Forums 12.01 Database Backup Disclosure; Author Discovered By: KingSkrupellos; Team: Cyberizm Digital Security Army; Date: 26/02/2019; Vendor Homepage: webwiz.net; Software Download Link: webwiz.net/web-wiz-forums/forum-downloads.htm; Software Information Link:...
Vanilla Forums Stored Cross-Site Footer Vulnerability
Vanilla Forums is a PHP-based open source forum program from the Canadian company Vanilla Forums. A stored cross-site scripting vulnerability exists in Vanilla Forums. An attacker can exploit this vulnerability to gain access to the backend administrator...
Real Identity of Hacker Who Sold LinkedIn, Dropbox Databases Revealed
The real identity of Tessa88, the notorious hacker tied to several high-profile cyber attacks including the LinkedIn, DropBox and MySpace mega breaches, has been revealed as Maksim Vladimirovich Donakov (Максим Владимирович Донаков), a resident of Penza, Russian Federation. In early 2016, a hacker wi...
Design/Logic Flaw
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site...
Secret Service Warns of Surge in ATM ‘Wiretapping’ Attacks
The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside th...
Vanilla: Vanilla Forums AddonManager getSingleIndex Directory Traversal File Inclusion Remote Code Execution Vulnerability
Summary: An authenticated admin user can trigger a directory traversal to require call leading to local file inclusion which can allow an attacker to gain remote code execution. Notes: - You need to have an admin session to run this poc. - You can use the directory traversal to reach outside of t...
SRC-2019-0020 : Vanilla Forums AddonManager getSingleIndex Directory Traversal File Inclusion Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Vanilla Forums. Authentication is required to exploit this vulnerability, however the authentication can be bypassed. The specific flaw exists within the getSingleIndex...
Vanilla: Vanilla Forums domGetImages getimagesize Unserialize Remote Code Execution Vulnerability (critical)
Summary: An unauthenticated attacker can inject a serialized payload into a phar archive and trigger read access to it via an unprotected getimagesize. The attacker can leverage this to deserialize untrusted data and gain remote code execution. Notes: - THIS BUG IS UNAUTHENTICATED, however you...
Vanilla: Vanilla Forums Xenforo password splitHash Unserialize Remote Code Execution Vulnerability
Summary: An authenticated admin user can inject an unserializable password in another user's account. Later when attempting a login with that user, the attacker can trigger a call to an unserialize in the splitHash function. By using a custom pop chain to write into the constants.php file, an...
Vanilla: Vanilla Forums Gdn_Format unserialize() Remote Code Execution Vulnerability
Summary: An authenticated admin user can trigger a call to unserialize which can allow an attacker to gain remote code execution. Description: Please bear with me on this one, it's heavy. Ok, so after setting a Garden.TouchIcon setting it can be several settings, this is just an example of one we...
BTITeam XBTIT cross-site scripting vulnerability (CNVD-2019-28274)
XBTIT is an open source tracking software. A reflective cross-site scripting vulnerability exists in the 'keywords' parameter in the search function in /index.php?page=forums&action=search in BTITeam XBTIT 2.5.4. The vulnerability can be exploited to execute arbitrary JavaScript code in a user's...
CVE-2018-15679
An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting...
PoC Code Surfaces to Exploit Apache Struts 2 Vulnerability
Proof-of-concept code found on the GitHub repository could allow attackers to easily take advantage of a recently identified vulnerability in the Apache Struts 2 framework. The vulnerability CVE-2018-11776, identified earlier this week, could allow an adversary to execute remote code on targeted...
forums.kingsnake.com XSS vulnerability
Open Bug Bounty ID: OBB-668295; Affected Website: forums.kingsnake.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
SRC-2018-0030 : Vanilla Forums domGetImages getimagesize Unserialize Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Vanilla Forums. Authentication is not required to exploit this vulnerability. The specific flaw exists within the domGetImages function of the ImportController class. The iss...
SRC-2018-0031 : Vanilla Forums ImportController index file_exists Unserialize Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Vanilla Forums. Authentication is required to exploit this vulnerability, however the authentication can be bypassed. The specific flaw exists within the index function of th...
SRC-2018-0033 : Vanilla Forums XenforoPassword splitHash unserialize Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Vanilla Forums. Authentication is required to exploit this vulnerability, however the authentication can be bypassed. The specific flaw exists within the splitHash function o...
SRC-2018-0035 : Vanilla Forums AddonManager getSingleIndex Directory Traversal File Inclusion Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Vanilla Forums. Authentication is required to exploit this vulnerability. The specific flaw exists within the getSingleIndex function of the AddonManager class. The issue...
web.scienceforums.com XSS vulnerability
Open Bug Bounty ID: OBB-662625; Affected Website: web.scienceforums.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...