1491 matches found
Vanilla < 2.1.5 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: CSRF vulnerabilities in Vanilla Forums below 2.1.5-CVE-2017-1000432 Google Dork: NA Date: 7/1/2018 Contact: https://twitter.com/anandm47 website: https://anandtechzone.blogspot.in Exploit Author: Anand Meyyappan Vendor Homepage:...
Vanilla < 2.1.5 - Cross-Site Request Forgery
Exploit Title: CSRF vulnerabilities in Vanilla Forums below 2.1.5-CVE-2017-1000432 Google Dork: NA Date: 7/1/2018 Contact: https://twitter.com/anandm47 website: https://anandtechzone.blogspot.in Exploit Author: Anand Meyyappan Vendor Homepage: https://open.vanillaforums.com Software Link:...
Vanilla Forums Cross-Site Request Forgery Vulnerability
Vanilla Forums is a PHP-based open source forum program developed by the Canadian company Vanilla Forums. A cross-site request forgery vulnerability exists in versions of Vanilla Forums prior to 2.1.5. A remote attacker can exploit this vulnerability to delete topics and comments on the forum...
CVE-2017-1000432
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access...
Cross-site request forgery (CSRF)
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access...
CVE-2017-1000432
CVE-2017-1000432 affects Vanilla Forums prior to 2.1.5. The vulnerability is a Cross-Site Request Forgery (CSRF) that allows any registered user to delete topics and comments without admin rights. Root cause is CSRF in the Vanilla Forums workflow, enabling unauthorized state-changing actions. Exp...
forums.valofe.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-472724 Description| Value ---|--- Affected Website:| forums.valofe.com Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Disclosure Standard:| Coordinated Disclosure based on IS...
Vanilla Forums Detection
Binary data vanillaforumsdetect.nbin...
Vanilla Forums Header Injection Remote Code Execution
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request. (C) Tenable Network Security,...
Hacker Distributes Backdoored IoT Vulnerability Scanning Script to Hack Script Kiddies
Nothing is free in this world. If you are searching for free hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a scam. For example, Cobian RAT and a Facebook hacking tool that we previously reported on The Hack...
forums.autodesk.com XSS vulnerability
Open Bug Bounty ID: OBB-382710 Description| Value ---|--- Affected Website:| forums.autodesk.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
IC3 Issues Alert on DDoS Attacks
The Internet Crime Complaint Center (IC3) has issued an alert on distributed denial-of-service (DDoS)-for-hire services advertised on criminal forums and marketplaces. Using DDoS attacks to prevent legitimate users from accessing websites or information can lead to serious consequences. US-CERT...
forums.ardacraft.me XSS vulnerability
Vulnerable URL: https://forums.ardacraft.me/email/[email protected]%27%22%3E%3Csvg/onload=alert/openbugbounty/%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP...
FormBook Malware Targets U.S. Defense Contractors, Aerospace and Manufacturing Sectors
Attackers spreading new malware called FormBook are singling out aerospace firms, defense contractors and some manufacturing organizations in the United States and South Korea. According to researchers at FireEye, FormBook was spotted in several high-volume distribution campaigns targeting the U....
Dradis Framework - Collaboration and reporting for IT Security teams
Dradis is an open-source collaboration framework, tailored to InfoSec teams. Goals Share the information effectively. Easy to use, easy to be adopted. Otherwise it would present little benefit over other systems. Flexible: with a powerful and simple extensions interface. Small and portable. You...
Solarwinds LEM Insecure Update Process
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Multiple Affected Version: Multiple Platform: Embedded Linux CWE Classification: CWE-284: Improper Access Control, CWE-346: Origin Validation Error Impact: Counterfeit Product Downloads Attack vector: HTTP 2. Vulnerability...
Red Alert 2.0: New Android Banking Trojan for Sale on Hacking Forums
The recent discoveries of dangerous variants of the Android banking Trojan families, including Faketoken, Svpeng, and BankBot, present a significant threat to online users who may have their login credentials and valuable personal data stolen. Security researchers from SfyLabs have now discovered...
forums.adobe.com Open Redirect vulnerability
Vulnerable URL: https://forums.adobe.com/external-link.jspa?url=https%3A%2F%2Fopenbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 11.12.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VI...