1491 matches found
Design/Logic Flaw
The Android Forums aka com.tapatalk.androidforumscom application 2.4.4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5889
The CVE-2014-5889 incident concerns the Android Forums (com.tapatalk.androidforumscom) Android app, version 2.4.4.9, which fails to verify X.509 certificates when connecting to SSL servers. Root cause: improper TLS/SSL validation enabling man-in-the-middle attackers to spoof servers and access se...
MGASA-2014-0379 Updated moodle packages fix security vulnerabilities
Updated moodle packages fix security vulnerabilities: In Moodle before 2.6.5, users who had not yet posted the required answer in a Q&A forum in order to access past posts were able to see the name of the last person who had posted, as other authors are visible in /mod/forum/view.php before the...
Malicious Advertisements Found on Java.com, Other High-Profile Sites
AppNexus, a New York-based online ad network company that provides a platform specializing in real-time online advertising, has again been spotted as the origin of a recent "malvertising" campaign that makes use of the Angler Exploit Kit to redirect visitors to malicious websites hosting the Aspr...
Georgia Tech Releases BlackForest Threat Intelligence Tool
Enterprises longing for an automated system that sends up a smoke signal that attackers may be planning a move against a particular organization or are promoting a new tool that targets companies in a specific industry may have had their wish come true. Georgia Tech Research Institute has release...
vBulletin 5.1.2 SQL Injection
<?php /* Author: Nytro Powered by: Romanian Security Team Price: Free. Educational. */ error_reporting(E_ALL); ini_set('display_errors', 1); // Get arguments $targeturl = isset($argv[1]) ? $argv[1] : 'https://rstforums.com/v5'; $expression = str_replace('/', '\/', $targeturl); // Function to send a POST request...
New Kronos Banking Malware Advertised On Russian Forums
Criminals are advertising a new banking Trojan on Russian forums, one going for a hefty price and being marketed as a method of evading detection and analysis. To date, however, security researchers have yet to obtain a sample of Kronos, which is available on a few forums for pre-order at a cost ...
Phishers Use Luis Suarez Bite as Bait
The World Cup is the most popular sporting event on the planet, and not just among sports fans; attackers and scammers of all stripes love it as well, as it presents a unique opportunity to separate victims from their money. Phishing and malware scams tied to the World Cup in Brazil have been...
Web Wiz Forums <= 9.07 (sub) Remote Directory Traversal Vulnerability
No description provided by source. WwW.BugReport.ir AmnPardaz Security Research Team Title: Web Wiz Forums™ Vendor: http://www.webwizguide.com/ Bug: Directory traversal Vulnerable Version: 9.07 Exploit: Available Fix Available: No! Fast Solution is available. - Description: Web Wiz Forums bullet...
Vanilla Forums LatestComment 1.1 Plugin Persistent XSS
No description provided by source. Title: Vanilla LatestComment 1.1 Plugin Persistent XSS Vulnerability Date: 18/5/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + Latest Comment 1.1...
vanilla forum tagging plug-in enhanced 1.0.1 - Stored XSS
No description provided by source. Title: Vanilla Tagging Enhanced 1.0.1 Stored XSS Date: 1/6/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + Tagging Enhanced plugin 1.0.1 http://vanillaforums.org/download...
Apple Safari 2.0.4 Cross-Domain Browser Location Information Disclosure Vulnerability
source: http://www.securityfocus.com/bid/24121/info Apple Safari is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain JavaScript restrictions. Exploiting this issue may allow attackers to access locations that a user visits, even if it's in a...
Quicksilver Forums <= 1.4.2 RCE Exploit (windows only)
No description provided by source. Author: GiReX Homepage: girex.altervista.org Date: 24/11/2008 CMS: Quicksilver Forums <= 1.4.2 Site: http://www.quicksilverforums.com/ Bug: Local File Inclusion Exploit: Remote Command Execution Note: Works with windows servers only Works regardless php.ini...
Vanilla Forums 2.0 - 2.0.18.5 (class.utilitycontroller.php) - PHP Object Injection Vulnerability
No description provided by source. Vanilla Forums <= 2.0.18.5 class.utilitycontroller.php PHP Object Injection Vulnerability...
Web Wiz Forums 7.01 Members.ASP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20054/info Web Wiz Forums is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to have arbitrary script code execute in the...
Live CMS SQL Injection Vulnerability
No description provided by source. / - Live CMS SQL Injection Vulnerability - ---Date : 2010-06-17 ---Author : ahwak2000 ---Email : z.u5athotmail.com - Script Info - ---Home : http://live-space.ru ---Demo : http://demo.live-space.ru/index.php - Vulnerability -...
Vanilla Forums About Me Plugin Persistent XSS
No description provided by source. Title: Vanilla About Me Plugin Persistent XSS Vulnerability Date: 18/5/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + About Me 1.1.1 http://vanillaforums.org/addon/aboutme-plugin...
Snitz Forums 2000 Down.ASP HTTP Response Splitting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11201/info Snitz Forums is reported prone to an HTTP response splitting vulnerability. The issue exists in a parameter of the 'down.asp' script. The issue presents itself due to a flaw in the affected script that allows an...
Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple CSRF Vulnerabilities
No description provided by source. Exploit Title: Vanilla Forums = 2.0.18.8 & Van2Shout 1.0.51 Multiple CSRF Google Dork: n/a Date: 13/4/13 Exploit Author: Henry Hoggard Vendor Homepage: http://vanillaforums.org/ , http://vanillaforums.org/addon/van2shout-plugin Software Link:...