1491 matches found
SRC-2018-0032 : Vanilla Forums Gdn_Format unserialize Unserialize Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Vanilla Forums. Authentication is required to exploit this vulnerability, however the authentication can be bypassed. The specific flaw exists within the unserialize function...
forums.autodesk.com XSS vulnerability
Open Bug Bounty ID: OBB-641556

Description | Value
---|---
Affected Website: | forums.autodesk.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | ...
MyBB Group MyBB Access Control Error Vulnerability
MyBB (aka MyBulletinBoard) is a free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. An access control error vulnerability exists in the private forums in MyBB Group MyBB. The...
CVE-2018-1000503
MyBB Group MyBB contains an Incorrect Access Control vulnerability in private forums that can result in users being able to view posts from private forums without having the password. This attack appears to be exploitable via subscribing to a forum through IDOR. This vulnerability appears to have been fixed in...
Improper access control
MyBB Group MyBB contains an Incorrect Access Control vulnerability in private forums that can result in users being able to view posts from private forums without having the password. This attack appears to be exploitable via subscribing to a forum through IDOR. This vulnerability appears to have been fixed in...
CVE-2018-1000503
MyBB before 1.8.15 contains an Incorrect Access Control vulnerability in private forums that can allow viewing private forum posts without a password via an IDOR-like subscribe-to-forum action; fixed in 1.8.15.
login.forums.sparx.io XSS vulnerability
Open Bug Bounty ID: OBB-632738

Description | Value
---|---
Affected Website: | login.forums.sparx.io
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
SEO poisoning: Is it worth it?
Search Engine Optimization (SEO) poisoning basically comes down to getting your web page high in the rankings for relevant search results without buying advertisements or using legitimate, but tedious, SEO best practices. Instead, threat actors use illegal means to push their page to the top...
Will the Real Joker’s Stash Come Forward?
For as long as scam artists have been around so too have opportunistic thieves who specialize in ripping off other scam artists. This is the story about a group of Pakistani Web site designers who apparently have made an impressive living impersonating some of the most popular and well known...
CVE-2018-1135
CVE-2018-1135 affects Moodle 3.x: an issue where students posting on forums and exporting posts to portfolios can download any stored Moodle file by altering the download URL. The vulnerability concerns the file download mechanism within Moodle’s portfolio integration (no explicit root cause deta...
Data of millions of Japanese sold on underground hacking forums
By Waqas. A cybercriminal operating from outside China was found to be... This is a post from HackRead.com.
Latin American ‘Biñeros’ Bond Over Fraudulent Purchase Scheme
A type of card-not-present fraud is spreading throughout the Latin American underground, uniting groups of malefactors in a communal effort to perpetrate it as widely and as often as possible. Cybercriminals in the region are making use of problems in the validation process for bank identificatio...
Moodle 2.x / 3.x Multiple Vulnerabilities (May 2016) - Linux
Moodle CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:moodle:moodle"; if(description)...
Uber: Uber employees are sharing information on productforums.google.com
@researcher found an exposed Google spreadsheet on productforums.google.com containing mostly test data. The researcher also found screenshots of Uber tools on Prezi containing driver personal information. This was the result of a small research done after https://twitter.com/xKushagra released tip...
Use of ‘StegWare’ Increases in Stealth Malware Attacks
SAN FRANCISCO – Researchers are warning of an uptick in the malicious use of steganography as a vehicle for delivering malware. Steganography, they say, is increasingly becoming a go-to tool for cybercriminals not just for infection, but also command-and-control, data exfiltration and as an...
forums.abidjan.net XSS vulnerability
Open Bug Bounty ID: OBB-550038

Description | Value
---|---
Affected Website: | forums.abidjan.net
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
Vanilla Forums Cross Site Request Forgery
Exploit Title: CSRF vulnerabilities in Vanilla Forums below 2.1.5-CVE-2017-1000432; Google Dork: NA; Date: 7/1/2018; Contact: https://twitter.com/anandm47; website: https://anandtechzone.blogspot.in; Exploit Author: Anand Meyyappan; Vendor Homepage: https://open.vanillaforums.com; Software Link:...
Vanilla < 2.1.5 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications. Exploit Title: CSRF vulnerabilities in Vanilla Forums below 2.1.5-CVE-2017-1000432; Google Dork: NA; Date: 7/1/2018; Contact: https://twitter.com/anandm47; website: https://anandtechzone.blogspot.in; Exploit Author: Anand Meyyappan; Vendor Homepage:...