1491 matches found
forums.netdoctor.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-293375

| Description | Value |
|---|---|
| Affected Website: | forums.netdoctor.co.uk |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
Mail.ru: [et.mail.ru] ssrf 2
Hi, I waited until you resolved 251220. That bug, yes, it is fixed. Then I checked another one and it works, and apparently it is not covered by the same parameters in the fix. Domain, site, application -- https://et.mail.ru/forums/ Steps to reproduce -- 1. Go to, for example, the general section...
Vanilla: Overwrite Drafts of Everyone
Description: Users have the option to save drafts before commenting on posts or discussions, where the DraftID parameter is passed to keep the draft record, and if an attacker replaces this id with any existing id it will simply overwrite that record without checking the permission he that...
Uber Drivers Hacking the System to Cause Surge Pricing
Interesting story about Uber drivers who have figured out how to game the company's algorithms to cause surge pricing: According to the study, drivers manipulate Uber's algorithm by logging out of the app at the same time, making it think that there is a shortage of cars. ... The study said drive...
Modified Versions of Nukebot in Wild Since Source Code Leak
Some opportunistic criminals have put the leaked source code for the Nukebot banking Trojan to use, targeting banks in the United States and France with variants of the malware, while another group has adapted it to steal mail client and browser passwords. The leak was disclosed in early March wh...
New Point-of-Sale Malware LockPoS Hitches Ride with FlokiBot
Botnets distributing FlokiBot point-of-sale malware have awoken from months of slumber and are back in business spewing a new malware dubbed LockPoS. Researchers say the malware is still flying under the radar of many antivirus and intrusion detection systems because it’s so new. Currently, LockP...
Russian Financial Cybercriminal Gets Over 9 Years In U.S. Prison
A 29-year-old Russian-born, Los Angeles resident has been sentenced to over nine years in prison for running botnets of half a million computers and stealing and trafficking tens of thousands of credit card numbers on exclusive Russian-speaking cybercriminal forums. Alexander Tverdokhlebov was...
Tapatalk - 100,000+ Forums - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Tapatalk - 100,000+ Forums published at the 'play' market has multiple vulnerabilities...
forums.netdoctor.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-253566

| Description | Value |
|---|---|
| Affected Website: | forums.netdoctor.co.uk |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
topperlearning.com XSS vulnerability
Open Bug Bounty ID: OBB-251328

| Description | Value |
|---|---|
| Affected Website: | topperlearning.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
forums.windrivers.com XSS vulnerability
Vulnerable URL: http://forums.windrivers.com/showthread.php/'-alert'OPENBUGBOUNTY'-'

Details:

| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 25.07.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | Unknown / Not calculated |
| VIP website status: | No... |
insurance-forums.net XSS vulnerability
Vulnerable URL: http://www.insurance-forums.net/forum/life-insurance-forum/difference-between-traditional-term-mortgage-protection-term-t88905.html/...
Vanilla Forums 2.0.18.7 Remote Code Execution Exploit
Vanilla Forums = 2.0.18.7 RCE shell injector inject a simple php eval shell into target that can be used for further exploitation. Usage Info usage: first, inject the shell: python injectshell.py -a http://www.attacksite.com/forumsubdomain after injecting the shell you can also inject your own...
Information Disclosure
Moodle is susceptible to information disclosure. The vulnerability is possible due to a flaw which reveals the names of hidden forums and forum discussions...
Trump’s Dumps: ‘Making Dumps Great Again’
It's not uncommon for crooks who peddle stolen credit cards to seize on iconic American figures of wealth and power in the digital advertisements for their shops that run incessantly on various cybercrime forums. Exhibit A: McDumpals, a hugely popular carding site that borrows the Ronald McDonald...
CVE-2016-10073
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request...
Design/Logic Flaw
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request...
CVE-2016-10073
Vanilla Forums