6150 matches found

OSV
added 2018/05/31 1:29 a.m., 2 views

CVE-2018-11580

An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site a...

CVSS 5.4 | AI score 5.6 | EPSS 0.0018
Exploits 1 | References 2

Prion
added 2018/05/31 1:29 a.m., 11 views

Design/Logic Flaw

An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site a...

CVSS 3.5 | AI score 5.5 | EPSS 0.0018
Exploits 1 | References 2 | Affected Software 1

Exploit DB
added 2018/05/29 12:0 a.m., 42 views

MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting

Exploit Title: MyBB ChangUonDyU Advanced Statistics Plugin v1.0.2 - Cross-Site Scripting Date: 5/25/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1125 Version: 1.0.2 Tested on: Ubuntu 18.04 CVE: CVE-2018-11532 1...

CVSS 6.1 | AI score 6.3 | EPSS 0.00764
Exploits 6

OSV
added 2018/05/25 12:29 p.m., 2 views

UBUNTU-CVE-2018-1135

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL...

CVSS 6.5 | AI score 7.3 | EPSS 0.00176
Exploits 0 | References 3

Cvelist
added 2018/05/25 12:0 p.m., 20 views

CVE-2018-1135

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL...

AI score 6.9 | EPSS 0.00176
Exploits 0 | References 2

Tenable Nessus
added 2018/05/23 12:0 a.m., 15 views

WordPress 4.7.x < 4.7.2 REST API 'id' Parameter Privilege Escalation

The WordPress application running on the remote web server is version 4.7.x prior to 4.7.2. It is, therefore, affected by a privilege escalation vulnerability in the REST API due to a failure to properly sanitize user-supplied input to the 'id' parameter when editing or deleting blog posts. An...

CVSS 7.5 | AI score 7.8 | EPSS 0.78934
Exploits 0 | References 3

CNVD
added 2018/05/15 12:0 a.m., 3 views

MyBB Latest Posts on Profile plugin cross-site scripting vulnerability

MyBB aka MyBulletinBoard is a free and web-based forum software developed by the MyBB team using PHP and MySQL. Latest Posts on Profile is used in one of the post profile plugin. A cross-site scripting vulnerability exists in version 1.1 of the MyBB Latest Posts on Profile plugin, which stems fro...

CVSS 5.4 | AI score 6.4 | EPSS 0.00188
Exploits 5 | References 1

OSV
added 2018/05/11 2:29 p.m., 0 views

CVE-2018-10580

The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject aka thread subject field...

CVSS 5.4 | AI score 5.8 | EPSS 0.00188
Exploits 5 | References 2

0day.today
added 2018/05/10 12:0 a.m., 39 views

MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=914 Version: 1.1 Tested on: Ubuntu...

AI score 5.6 | EPSS 0.00188
Exploits 5

Packet Storm
added 2018/05/10 12:0 a.m., 37 views

MyBB Latest Posts On Profile 1.1 Cross Site Scripting

Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting Date: 4/20/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=914 Version: 1.1 Tested on: Ubuntu 17.10 CVE: CVE-2018-10580 1...

AI score 5.6 | EPSS 0.00188
Exploits 5

exploitpack
added 2018/05/10 12:0 a.m., 19 views

MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting

MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting Date: 4/20/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=914...

CVSS 3.5 | AI score 5.4 | EPSS 0.00188
Exploits 5

Circl
added 2018/03/10 11:23 a.m., 2 views

CVE-2018-5758

creationtimestamp | type | source
---|---|---
2018-03-10 11:23:06+00:00 | published-proof-of-concept | https://t.me/canyoupwnme/3408
2018-03-10 15:10:00+00:00 | published-proof-of-concept | https://t.me/thebugbountyhunter/1158
2024-06-22 09:28:36+00:00 | published-proof-of-concept | ...

CVSS 6.8 | AI score 6.2 | EPSS 0.06142
Exploits 1 | References 3

Cvelist
added 2018/02/26 5:0 p.m., 24 views

CVE-2017-18195

An issue was discovered in tools/conversations/viewajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/viewajax with incremental 'cnvID' integers...

AI score 5.2 | EPSS 0.07176
Exploits 6 | References 4

OSV
added 2018/02/18 3:29 a.m., 13 views

CVE-2018-7198

October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page...

CVSS 6.1 | AI score 6
Exploits 0 | References 2

Prion
added 2018/02/18 3:29 a.m., 18 views

Deserialization of untrusted data

October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page...

CVSS 4.3 | AI score 5.9 | EPSS 0.01085
Exploits 3 | References 2 | Affected Software 1

CVE
added 2018/02/18 3:0 a.m., 49 views

CVE-2018-7198

CVE-2018-7198 affects October CMS up to version 1.0.431, specifically the RainLab Blog Plugin. It enables stored XSS by entering HTML on the Add Posts page, allowing a malicious payload to be stored and subsequently executed. The issue is documented across multiple sources (GHSA/OSV and exploit r...

CVSS 6.1 | AI score 5.8 | EPSS 0.01085
Exploits 3 | References 2 | Affected Software 1

Cvelist
added 2018/02/18 3:0 a.m., 24 views

CVE-2018-7198

October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page...

AI score 6 | EPSS 0.01085
Exploits 3 | References 2

Hacker One
added 2018/02/16 10:1 a.m., 24 views

Dropbox: Forum posts and private messages are poorly sanitized, allowing execution of arbitrary JavaScript

The reporter informed us of both stored XSS vulnerabilities as well as unsafe css attributes that were allowed in forum posts due to TinyMCE editor. An upgrade to lithium's forum platform appears to have mitigated these vulnerabilities...

AI score 3.8
Exploits 0

Circl
added 2018/01/29 2:31 p.m., 2 views

CVE-2017-15399

creationtimestamp | type | source
---|---|---
2018-01-29 14:31:45+00:00 | published-proof-of-concept | https://t.me/R0Crew/405
2018-01-30 05:26:35+00:00 | published-proof-of-concept | https://t.me/br0wsec/25
2018-01-30 07:40:25+00:00 | published-proof-of-concept | https://t.me/antichat/774
2018-01-30...

CVSS 9.3 | AI score 8.4 | EPSS 0.29434
Exploits 0 | References 7

exploitpack
added 2018/01/10 12:0 a.m., 15 views

WordPress Plugin Admin Menu Tree Page View 2.6.9 - Cross-Site Request Forgery Privilege Escalation

WordPress Plugin Admin Menu Tree Page View 2.6.9 - Cross-Site Request Forgery Privilege Escalation Exploit Title: Admin Menu Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage:...

AI score 0.4
Exploits 0