1491 matches found
Vanilla Forums 2.0.18.5 Local File Inclusion
Vanilla Forums versions 2.0.18.5 and below suffer from a PHP object injection vulnerability in class.utilitycontroller.php that in turn allows for local file inclusion. Vanilla Forums...
Vanilla Forums 2.0.18.5 Local File Inclusion
Vanilla Forums ValidateTransientKey($TransientKey) 324. // If messages wasn't empty 325. if ($Messages != '') 326. // Unserialize them & save them if necessary 327. $Messages = Gdn_Format::Unserialize($Messages);...
Major VBulletin based websites are vulnerable to Hackers; Pakistani forums defaced by Indian Hackers
vBulletin is a publishing suite that allows users to create and publish a variety of content, including: forums, blogs, and polls. If you currently use an older version of vBulletin on your website, you might be opening up your site to an attack as some serious security vulnerabilities, which...
CVE-2013-5320
Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in mojoPortal before 2.3.9.8 allows remote attackers to inject arbitrary web script or HTML via the txtSubject parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in mojoPortal before 2.3.9.8 allows remote attackers to inject arbitrary web script or HTML via the txtSubject parameter...
CVE-2013-5320
The CVE-2013-5320 entry describes a Cross‑site Scripting (XSS) flaw in mojoPortal (Forums/EditPost.aspx) before version 2.3.9.8. The vulnerability arises from accepting user input in the txtSubject parameter, enabling remote attackers to inject arbitrary script/HTML. Impact is typical client-side...
Questions Linger About New Linux 'Hand of Thief' Trojan
It looks like cybercriminals will soon be able to add yet another Trojan to their hacking repertoire, the Hand of Thief banking malware that targets Linux machines. Currently being sold on the Russian black market, Hand of Thief is fetching $2,000 USD (€1,500 EUR) but could be poised to run a cool...
German Video Game 'Crytek' Websites go offline after Security Breach
It seems that German video game company 'Crytek' has become the latest victim of hacking attacks on its website and a few forums, which caused Crytek's family of websites to go offline. According to the company, "Our Crytek.com, Mycryengine.com, Crydev.net and MyCrysis.com sites were all subject to a...
NSA’s #XKeyscore program could read Facebook Chats And Private Messages
According to a new report revealed by NSA leaker Edward Snowden, the National Security Agency has a secret program that allows it to see just about everything a person does on the Internet. An NSA tool called DNI Presenter, used to read the content of stored emails, also enables an analyst using...
Ubuntu Forums Password Breach Exposes 1.8 Million Users
Every username, password and email address used by members of the Ubuntu Forums was accessed in a breach reported on Saturday by the free Linux distribution. More than 1.82 million accounts stored in the forums’ database were stolen, according to a notice posted on the forums’ home page Saturday...
MyBB < 1.6.10 Multiple Vulnerabilities
According to its version number, the MyBB install hosted on the remote web server is affected by multiple vulnerabilities: - A SQL injection vulnerability exists due to improper sanitization of user-supplied input during database optimization. - A SQL injection vulnerability exists due to improp...
Apple's Developer Center Offline for 32 Hours; Compromised?
It's been over a day now since Apple's online Dev Center went offline, and the latest message can be seen in the screenshot, which explains that the current maintenance has taken a lot longer than they expected. "We apologize that maintenance is taking longer than expected. If your program membership...
Ubuntu Forums hacked; 2 million users' personal information compromised
Ubuntuforums.org, the popular Ubuntu Forums site, has posted a message on its index page, informing its near 2 million users that it has suffered a serious security breach. “There has been a security breach on the Ubuntu Forums,” reads the page. The site was defaced by a hacker with Twitter handle...
Beta Bot Trojan Emerges as New Type of Banking Malware
A new strain of banking malware, Beta Bot, has been refined over the last few months to target ecommerce and comes complete with an array of features to help prevent it from being caught by usual security measures. According to research conducted by RSA Security’s Limor Kessem, the bot started ou...
Vanilla Forums 2.0.18.8 XSS / Insecure Permissions
Exploit Title: Vanilla Forums Insecure Permissions Vulnerability Date: 15/5/13 Exploit Author: Henry Hoggard Author Website: http://henryhoggard.co.uk Vendor Homepage: http://vanillaforums.org Software Link: http://vanillaforums.org Version: 2.0.18.8 Tested on: Debian CVE : none yet When you make...
Vanilla Forums 2.0.18.8 - Multiple Vulnerabilities
Vanilla Forums 2.0.18.8 - Multiple Vulnerabilities Exploit Title: Vanilla Forums Insecure Permissions Vulnerability Date: 15/5/13 Exploit Author: Henry Hoggard Author Website: http://henryhoggard.co.uk Vendor Homepage: http://vanillaforums.org Software Link: http://vanillaforums.org Version:...
Vanilla Forums 2.0.18.8 - Insecure Permissions / XSS Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Vanilla Forums Insecure Permissions Vulnerability Date: 15/5/13 Exploit Author: Henry Hoggard Author Website: http://henryhoggard.co.uk Vendor Homepage: http://vanillaforums.org Software Link: http://vanillaforums.org Version:...
Vanilla Forums 2.0.18.8 - Multiple Vulnerabilities
Exploit Title: Vanilla Forums Insecure Permissions Vulnerability Date: 15/5/13 Exploit Author: Henry Hoggard Author Website: http://henryhoggard.co.uk Vendor Homepage: http://vanillaforums.org Software Link: http://vanillaforums.org Version: 2.0.18.8 Tested on: Debian CVE : none yet When you make...
CVE-2012-6555
Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title...