Vanilla Forums Password Reset Vulnerability
Vanilla Forums is a PHP-based open source forum program from the Canadian company Vanilla Forums. A security vulnerability exists in the from method of the library/core/class.email.php file in versions of Vanilla Forums prior to 2.3.1. A remote attacker can exploit this vulnerability by using a specially...
Vanilla Forums < 2.3 - Remote Code Execution Exploit
Exploit for php platform in category remote exploits. #!/bin/bash Vanilla Forums <= 2.3 Remote Code Execution RCE PoC Exploit 0day Core version no plugins, default...
Vanilla Forums <= 2.3 Unauth Remote Code Execution (CVE-2016-10033)
I. VULNERABILITY: Vanilla Forums <= 2.3 Unauth. Remote Code Execution RCE exploit CVE-2016-10033 0day. II. BACKGROUND: "Community Forums Reinvented Create an online community that your customers will love. Vanilla's forum software is used by top...
Vanilla Forums 2.3 Remote Code Execution
#!/bin/bash Vanilla Forums <= 2.3 Remote Code Execution RCE PoC Exploit 0day Core version no plugins, default config. CVE-2016-10033 RCE CVE-2016-10073 Header Injection...
0-Day Flaws in Vanilla Forums Let Remote Attackers Hack Websites
A security researcher has publicly disclosed two critical zero-day vulnerabilities in Vanilla Forums, an open source software that powers discussion on over 500,000 websites, which could allow unauthenticated, remote attackers to fully compromise targeted websites easily. Discovered by Polish...
Vanilla Forums Open Source Software Vulnerable to RCE, Host Header Injection Vulnerability
Popular open source forum software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code. Legal Hackers' Dawid Golunski found the vulnerabilities: a host header injection and an...
forums.playbattlegrounds.com XSS vulnerability
Vulnerable URL: http://forums.playbattlegrounds.com/admin/convertutf8/index.php?controller=%27;alert%27XSSPOSED%27// Details: Patched: Yes, at; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculated; VIP website status: N...
Vanilla Forums 2.3 - Remote Code Execution
#!/bin/bash Vanilla Forums <= 2.3 Remote Code Execution RCE PoC Exploit 0day Core version no plugins, default config...
Vanilla Forums < 2.3 - Remote Code Execution
#!/bin/bash Vanilla Forums <= 2.3 Remote Code Execution RCE PoC Exploit 0day Core version no plugins, default config. CVE-2016-10033 RCE CVE-2016-10073 Header Injection...
linuxforums.org Open Redirect vulnerability
Vulnerable URL: http://www.linuxforums.org/forum/redirect-to/?redirect=https://www.openbugbounty.org Details: Patched: No; Latest check for patch: 31.07.2017; Vulnerability type: Open Redirect; Vulnerability status: Publicly disclosed; Alexa Rank: 65316; VIP website...
CVE-2016-3731
Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions...
Design/Logic Flaw
Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions...
UBUNTU-CVE-2016-3731
Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions...
CVE-2016-3731
CVE-2016-3731 affects Moodle 3.0 (3.0.0–3.0.3), 2.9 (2.9.0–2.9.5), and 2.8 (2.8.0–2.8.11). The vulnerability allows remote attackers to obtain the names of hidden forums and forum discussions. The provided documents do not include exploit details, affected module specifics beyond the version rang...
Low-Cost Ransomware Service Discovered
A new ransomware-as-a-service (RaaS) called Karmen has been discovered by security researchers at Recorded Future. This service allows anyone, including novices, to set up an account and customize their own ransomware campaign. The Karmen RaaS costs $175 and lets buyers set ransom prices, determine...
FreeBSD : moodle -- multiple vulnerabilities (f72d98d1-0b7e-11e7-970f-002590263bf5)
Marina Glancy reports: MSA-17-0001: System file inclusion when adding own preset file in Boost theme; MSA-17-0002: Incorrect sanitation of attributes in forums; MSA-17-0003: PHPMailer vulnerability in no-reply address; MSA-17-0004: XSS in assignment submission page...
CVE-2017-6479
FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php search-by-topic parameter...