1491 matches found
CVE-2014-9685
Multiple cross-site scripting XSS vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-9685
Summary: CVE-2014-9685 concerns multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums. Affected versions are prior to 2.0.18.13 and 2.1.x prior to 2.1.1. The bugs allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. The documented impact is user-v...
Indexing the Dark Web One Hacking Forum At A Time
CANCUN–There are only so many ways to tip-toe around some of the Internet’s darker, seedier corners. Sites offering illegal drugs, DDoS for hire and other questionable merchandise are often laden with malware, hazardous to visit, and in turn, can be hard to fully get a grip on. But according to...
Vanilla Forums 2.1.1 Cross Site Scripting
The vulnerability is related to the insufficient filtration in HTMLawed. Existing filter can be bypassed and paste into the HTML tag onerror event, that leads to stored XSS. I notified the developers of existing vulnerabilities and they closed it in version 2.1.1 proof:...
Open redirect
Open redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirecturl parameter...
CVE-2014-10030
Open redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirecturl parameter...
MyBB Forums 1.8.2 - Persistent Cross-Site Scripting
Exploit Title:Stored XSS vulnerability in MyBB 1.8.2 Date: 16th November'2014 Exploit Author: Avinash Kumar Thapa Vendor Homepage: http://www.mybb.com/ Software Link: http://www.mybb.com/download/ Version: MyBB 1.8.2 latest Tested on: Operating System: Windows 8.1 Browser Used : Mozilla Firefox...
MyBB Forums 1.8.2 - Persistent Cross-Site Scripting
MyBB Forums 1.8.2 - Persistent Cross-Site Scripting Exploit Title:Stored XSS vulnerability in MyBB 1.8.2 Date: 16th November'2014 Exploit Author: Avinash Kumar Thapa Vendor Homepage: http://www.mybb.com/ Software Link: http://www.mybb.com/download/ Version: MyBB 1.8.2 latest Tested on: Operating...
CVE-2014-7616
The Physics Forums aka com.tapatalk.physicsforumscom application 3.9.22 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7536
The Service Academy Forums aka com.tapatalk.serviceacademyforumscom application 3.6.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The Service Academy Forums aka com.tapatalk.serviceacademyforumscom application 3.6.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The Physics Forums aka com.tapatalk.physicsforumscom application 3.9.22 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7616
The Physics Forums aka com.tapatalk.physicsforumscom application 3.9.22 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7536
The Service Academy Forums aka com.tapatalk.serviceacademyforumscom application 3.6.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7616
CVE-2014-7616 affects the Android version of the Physics Forums app (3.9.22). The vulnerability is that the app does not verify X.509 certificates when establishing TLS connections, enabling potential MITM attackers to spoof SSL servers and access sensitive information via a crafted certificate. ...
Snitz Forums 2000 3.4.07 Database Disclosure
!/usr/bin/perl -w Snitz Forums 2000 v3.4.07 Database Disclosure Exploit Author : indoushka Vondor : http://forum.snitz.com use LWP::Simple; use LWP::UserAgent; system'cls'; system'Snitz Forums 2000 v3.4.07 Database Disclosure Exploit'; system'color a'; if@ARGV new; my $request =...
Toast Forums Database Disclosure
!/usr/bin/perl -w Toast Forums Database Disclosure Exploit Author : indoushka Vondor : ToastForums.com use LWP::Simple; use LWP::UserAgent; system'cls'; system'Toast Forums Database Disclosure Exploit'; system'color a'; if@ARGV new; my $request = $useragent-get$url,":contentfile" = "D:/data.mdb";...
CVE-2014-6864
The Forest River Forums aka com.socialknowledge.forestriverforums application 3.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-6864
CVE-2014-6864 concerns the Forest River Forums Android app (package com.socialknowledge.forestriverforums) version 3.7.5. The vulnerability arises because the app does not verify X.509 certificates from SSL servers, which can allow man-in-the-middle attackers to spoof servers and obtain sensitive...
Paypal Inc BB #32 - Multiple Persistent Vulnerabilities
Document Title: =============== Paypal Inc BB 32 - Multiple Persistent Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=716 Release Date: ============= 2014-09-22 Vulnerability Laboratory ID VL-ID: ==================================== 716...