CVE-2012-5295

Cross-site scripting XSS vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter...

CVE-2012-5295

CVE-2012-5295 is an XSS vulnerability in FuseTalk Forums (

CVE-2012-5104

CVE-2012-5104 affects the web forum component UBB.threads (7.5.6 and earlier) . The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via the Loginname parameter. The connected records confirm the affected product/version and th...

ASP-DEv XM Forums RC 3 SQL Injection

. \ || \ \ \ / \ /\ \ |/ \ | / \ | | / | Y Y / \ | \ \ /|| |||| / /| / / / / / Exploit Title: ASP-DEv XM Forums RC 3 Remote Post Sql Injection Vulnerability Google Dork: Intext:"Powered by ASP-DEv XM Forums RC 3" Date: 08/29/2012 Author: Crim3R Site : Http://Ajaxtm.com/ Download Link :...

Web Wiz Forums 10.03 Cross Site Scripting

Exploit Title: web wiz forums 10.03 Cross Site Scripting Vulnerability Google Dork: intext:"powered by web wiz forums 10.03" Date: 08/24/2012 Author: Crim3R download Link : http://www.webwiz.co.uk/web-wiz-forums/forum-downloads.htm Tested on: all ====================================== the searchI...

Web Wiz Forums - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/55220/info Web Wiz Forums is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in...

Web Wiz Forums - Multiple Cross-Site Scripting Vulnerabilities

Web Wiz Forums - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/55220/info Web Wiz Forums is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...

CVE-2012-4060

Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to 1 profile.asp, 2 forum.asp, or 3 topic.asp...

Sql injection

Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to 1 profile.asp, 2 forum.asp, or 3 topic.asp...

CVE-2012-4060

Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to profile.asp, forum.asp, or topic.asp. The connected records confirm the affected component and vectors, but no exploitation details or patch/remediation...

CVE-2012-4060

Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to 1 profile.asp, 2 forum.asp, or 3 topic.asp...

UBUNTU-CVE-2012-3392

mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums...

Password Leaks Continue: Billabong, NVIDIA Accounts Compromised

UPDATE: A string of high-profile hacks against online forums and companies continued on Thursday, with news that forums hosted by the technology firm NVIDIA as well as the surf-ware vendor Billabong. A document posted on the Web site codepaste.net purports to contain both administrative- and user...

Android Forums hacked, User Credentials Stolen

Phandroid's Android Forums Web site is hacked and user account details stolen, according to a notice posted online. The data includes the user names, e-mail addresses, hashed passwords, and registration IP addresses of the forums' more than 1 million users. If you are one of them, you should chan...

Dove Forums 1.0.3 Cross Site Request Forgery

In The Name Of Allah +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Exploit Title:Dove Forums-Add admin CSRF @@@@@ | Date : 2012-06-26 @ @ + Author :Ashiyane Digitl Security Team @ @@@ @ | Vendor :http://www.doveforums.com/ @ @ @ @ + Version: 1.0.3 @ @@ ...

Adele Bests Adderall As Affiliate Spammers Offer Music Downloads

Cyber criminals long ago discovered that there’s a big market for pharmaceuticals online, prompting a tsunami of pharmaceutical spam offering everything from “herbal Viagra” to Prozac and Adderall. But new data from security firm Webroot suggests that scammers are experimenting with new products,...

Vanilla Forums 2.0.18.4 Tagging Enhanced 1.0.1 Stored Cross Site Scripting

Title: Vanilla Tagging Enchanced 1.0.1 Stored XSS Date: 1/6/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + Tagging Enhanced plugin 1.0.1 http://vanillaforums.org/download http://vanillaforums.org/addon/tagging-plugin This...

Vanilla Forums 2.0.18.4 - Tagging Persistent Cross-Site Scripting

Vanilla Forums 2.0.18.4 - Tagging Persistent Cross-Site Scripting Title: Vanilla Tagging Stored XSS Date: 1/6/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 http://vanillaforums.org/download Create a new thread and post you...

Vanilla Forums 2.0.18.4 Poll 0.9 Stored Cross Site Scripting

Title: Vanilla Poll 0.9 Stored XSS Date: 1/6/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + Vanilla Poll 0.9 http://vanillaforums.org/download http://vanillaforums.org/addon/poll-plugin To create the XSS firstly create a...

Vanilla Forums Poll Plugin 0.9 Stored XSS

Exploit for php platform in category web applications Title: Vanilla Poll 0.9 Stored XSS Date: 1/6/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + Vanilla Poll 0.9 http://vanillaforums.org/download...