coopcityinfo.com XSS vulnerability

Open Bug Bounty ID: OBB-671977 Description| Value ---|--- Affected Website:| coopcityinfo.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)

Twitter-Clone 1 - Cross-Site Request Forgery Delete Post Exploit Title: Twitter-Clone 1 - Cross-Site Request Forgery Delete Post Date: 2018-08-21 Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 Description : An issue was...

Chrome Bug Allowed Hackers to Find Out Everything Facebook Knows About You

With the release of Chrome 68, Google prominently marks all non-HTTPS websites as 'Not Secure' on its browser to make the web a more secure place for Internet users. If you haven't yet, there is another significant reason to immediately switch to the latest version of the Chrome web browser. Ron...

UBUNTU-CVE-2016-8611

A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...

WordPress Tooltipy (tooltips for WP) Cross-Site Request Forgery Vulnerability

WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL server set up a personal blog site.Tooltipy tooltips for WP is used in one of the plug-ins used to create responsive tip box. A cross-site request...

CVE-2018-1000505

Tooltipy tooltips for WP version 5 contains a Cross ite Request Forgery CSRF vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1...

Cross site request forgery (csrf)

Tooltipy tooltips for WP version 5 contains a Cross ite Request Forgery CSRF vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1...

Improper access control

MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in...

CVE-2018-1000505

Tooltipy tooltips for WP version 5 contains a Cross ite Request Forgery CSRF vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1...

CVE-2018-1000505

Tooltipy (tooltips for WP) version 5 contains a Cross-Site Request Forgery (CSRF) vulnerability in the Settings page that could allow an attacker to cause a post to be duplicated. The issue is exploitable via a link the admin must follow, and affects the plugin’s 5.x line. It is stated to be fixe...

CVE-2018-1000505

Tooltipy tooltips for WP version 5 contains a Cross ite Request Forgery CSRF vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1...

CVE-2018-1000503

MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in...

WordPress Tooltipy (tooltips for WP) Cross-Site Request Forgery Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress Tooltipy tooltips for WP that allows anyone to copy posts...

A week in security (June 4 – June 10)

Last week on Labs, we took a look at hidden mobile ads, the perils of social media spam, and how to shore up your landline defenses. We also took a deep dive into Emotet malware analysis, and gave you some summertime safety tips. Other news Update your Adobe Flash player if you haven't already...

Facebook bug exposed private posts of 14 million users to public

By Carolina The social media giant Facebook said on Thursday that a critical bug This is a post from HackRead.com Read the original post: Facebook bug exposed private posts of 14 million users to public...

Facebook Software Bug Made Some Private Posts Public: 14 Million Affected

A Facebook software bug in May switched the “suggested audience” for posts to “public” for 14 millions of users. The glitch meant Facebook users who though they were sharing content with just friends or small groups actually made their posts available to the general public. The incident is the...

Facebook bug changed 14 million users' default privacy settings to public

Facebook admits as many as 14 millions of its users who thought they're sharing content privately with only friends may have inadvertently shared their posts with everyone because of a software bug. Facebook said in front of Congress in March over the Cambridge Analytica scandal that "every piece...

Facebook bug changed 14 million users' default privacy settings to public

Facebook admits as many as 14 millions of its users who thought they're sharing content privately with only friends may have inadvertently shared their posts with everyone because of a software bug. Facebook said in front of Congress in March over the Cambridge Analytica scandal that "every piece...

WordPress MULTIDOTS Mass Pages/Posts Creator Plugin Denial of Service Vulnerability

WordPress is the WordPress Software Foundation of a set of PHP language development of blogging platform , the platform supports PHP and MySQL server set up a personal blog site . MULTIDOTS Mass Pages/Posts Creator plugin is used in one of the bulk page creation plugin . A security vulnerability...

WordPress Mass Pages/Posts Creator plugin <= 1.2.2 - Stored Cross-Site scripting (XSS) vulnerability

Stored Cross-Site scripting XSS vulnerability found by ThreatPress Research Team in WordPress Mass Pages/Posts Creator plugin versions = 1.2.2. Solution 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...