recordpress 0.3.1 - Multiple Vulnerabilities

---------------------------------------------------------------- WebApplication : RecordPress 0.3.1 Type of vunlnerability : CSRF Change Admin Password And XSS Risk of use : Medium ---------------------------------------------------------------- Producer Website : http://www.recordpress.org/...

Ruubik CMS 1.0.3 Cross Site Request Forgery / Cross Site Scripting

---------------------------------------------------------------- WebApplication : RuubikCMS Version 1.0.3 Type of vunlnerability : CSRF Change Admin Password And XSS Risk of use : Medium ---------------------------------------------------------------- Producer Website : http://www.ruubikcms.com/...

RuubikCMS Version 1.0.3 Multiple Vulnerabilities

Exploit for php platform in category web applications ---------------------------------------------------------------- WebApplication : RuubikCMS Version 1.0.3 Type of vunlnerability : CSRF Change Admin Password And XSS Risk of use : Medium...

Ruubikcms 1.0.3 - Multiple Vulnerabilities

Ruubikcms 1.0.3 - Multiple Vulnerabilities ---------------------------------------------------------------- WebApplication : RuubikCMS Version 1.0.3 Type of vunlnerability : CSRF Change Admin Password And XSS Risk of use : Medium ----------------------------------------------------------------...

Shia Community Forums hacked by ALM3R3FH

Shia Community Forums hacked by ALM3R3FH Hacked site : www.shiaforums.com Mirror: News Source : ALM3R3FH...

Vanilla Forums 2.0.17.x - p Cross-Site Scripting

Vanilla Forums 2.0.17.x - p Cross-Site Scripting source: https://www.securityfocus.com/bid/46486/info Vanilla Forums is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code...

Vanilla Forums 2.0.17.1 ~ 2.0.17.5 <= Cross Site Scripting Vulnerability

OVERVIEW The Vanilla Forums 2.0.17.1 till 2.0.17.5 were vulnerable to Cross Site Scripting. 2. BACKGROUND Vanilla Forums are open-source, standards-compliant, customizable discussion forums. It is specially made to help small communities grow larger through SEO mojo, totally customizable social...

Vanilla Forums 2.0.17.x - 'p' Cross-Site Scripting

source: https://www.securityfocus.com/bid/46486/info Vanilla Forums is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

Vanilla Forums 2.0.17.1 - 2.0.17.5 Cross Site Scripting

OVERVIEW The Vanilla Forums 2.0.17.1 till 2.0.17.5 were vulnerable to Cross Site Scripting. 2. BACKGROUND Vanilla Forums are open-source, standards-compliant, customizable discussion forums. It is specially made to help small communities grow larger through SEO mojo, totally customizable social...

Anonymous Surpasses Wikileaks !

The exploits of Anonymous to hack the systems of firms providing spying services to governments and corporations suggest that the WikiLeaks mini-era has been surpassed. Much of WikiLeaks promise to protect sources is useless if the sources are not whistleblowers needing a forum for publication...

CVE-2011-0526

Cross-site scripting XSS vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action...

CVE-2011-0909

Cross-site scripting XSS vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526...

CVE-2011-0908

Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526...

CVE-2011-0910

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks...

Code injection

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks...

Cross site scripting

Cross-site scripting XSS vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526...

Open redirect

Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526...

CVE-2011-0910

Vanilla Forums vulnerability CVE-2011-0910 affects versions before 2.0.17.6. The cookie implementation allows remote attackers to spoof signed requests and potentially gain access to arbitrary user accounts via HMAC timing attacks. Root cause: flawed cookie handling enabling timing-based forgery....

CVE-2011-0526

CVE-2011-0526 is a documented XSS in Vanilla Forums prior to 2.0.17. An attacker could inject arbitrary script/HTML via the Target parameter in the /entry/signin action (index.php). The Red Hat and NVD entries confirm the affected product and vector, with no exploitation details provided in the s...

CVE-2011-0909

Cross-site scripting XSS vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526...