25 matches found
Discourse Information Disclosure Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from the /private-posts endpoint not applying post type...
Discourse Access Control Error Vulnerability (CNVD-2026-17484)
Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an access control error vulnerability that stems from a Chat::AddUsersToChannel add member that bypasses private...
EUVD-2008-6048
Malware in sbrugna...
BIT-DISCOURSE-2024-56197 Users can see other user's tagged PMs in Discourse
Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the late...
WhatsApp calls and messages will break unless you share data with Facebook
WhatsApp told users last week that there was no need for alarm regarding an upcoming privacy policy deadline, as users who refuse to accept the privacy policy will not have their accounts deleted—they will just have their apps rendered useless, eventually incapable of receiving calls and messages...
WebUntis 2020.12.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications. I. VULNERABILITY: WebUntis 2020.12.1 - Authenticated Cross Site Scripting. II. BACKGROUND: WebUntis is a tool for schools and universities to deliver electronic timetables to their students...
WebUntis 2020.12.1 Cross Site Scripting
I. VULNERABILITY: WebUntis 2020.12.1 - Authenticated Cross Site Scripting. II. BACKGROUND: WebUntis is a tool for schools and universities to deliver electronic timetables to their students. Depending on the activated modules, it does also contain...
Concrete CMS: Cross Site Scripting (XSS) Stored - Private messaging
• Title: concrete5-8.5.2 Cross Site Scripting XSS Stored - Private messaging • Keyword: crayons • Software : concrete5 • Product Version: 8.5.2 • Vulnerability : Cross Site Scripting XSS Stored • Vulnerable component: Private messaging concrete5 latest version 8.5.2 suffer from persistent Stored...
mybb -- vulnerabilities
mybb Team reports: High risk: Theme import stylesheet name RCE; High risk: Nested video MyCode persistent XSS; Medium risk: Find Orphaned Attachments reflected XSS; Medium risk: Post edit reflected XSS; Medium risk: Private Messaging folders SQL injection; Low risk: Potential phar deserialization...
Kushner Used WhatsApp, a Very Bad Database Leak, and More Security News This Week
The president's daughter and son-in-law used private messaging against the rules, and more security news this week...
HackerOne: Transitioning a Private Program to Public Does Not Clear Previously Private Updates to Hackers
Summary: Transitioning a private program to public does not clear the previously private updates to hackers Description Include Impact: If you are managing a private bug bounty program and choose to message hackers in the program with a targeted bounty campaign or other limited / private messagin...
Barter Sites 1.3 Joomla Component Multiple Vulnerabilities
No description provided by source. Barter Sites 1.3 Component Joomla SQL Injection & Persistent XSS vulnerabilities Release Date Bug. 28-Oct-2011 Date Added. 01-Oct-2011 Vendor Notification Date. Never Product. Barter Sites Platform. Joomla Affected versions. 1.3 Type. Commercial Price. $99 Attac...
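easytalk: an XSS that hits whichever user you target
Brief description: Detailed description: The XSS occurs in private messages. Enter XSS code: it triggers immediately and steals the cookie. Proof of vulnerability: As a bonus, here is a reflected one as well: http://www.hahawb.cn/?m=app&a=applist&keyword=%22%3E%3Cimg%20src=1%20onerror=%22alert%281%29%22/%3E...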
SEC Consult 20130417-0 :: Multiple vulnerabilities in Sosci Survey
SEC Consult Vulnerability Lab Security Advisory 20130417-0. title: Multiple vulnerabilities in Sosci Survey; product: Sosci Survey; vulnerable version: 2.3.04a; fixed version: 2.3.04a; impact: Critical; homepage:...
Joomla Component com_soundset LFI Vulnerability
Exploit for php platform in category web applications. Joomla Component com_soundset LFI Vulnerability...
Kubelance SQL Injection Vulnerability
Exploit for php platform in category web applications. Kubelance SQL Injection Vulnerability...
CVE-2008-6078
SQL injection vulnerability in open.php in the Private Messaging (com_privmsg) component for Limbo CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a pms action to index.php...
PunBB (Private Messaging System 1.2.x) Multiple LFI Exploit
Exploit for unknown platform in category web applications. PunBB Private Messaging System 1.2.x Multiple LFI Exploit. <?php error_reporting(0); ini_set("default_socket_timeout",5); / PunBB...
Limbo CMS - Private Messaging Component SQL Injection
Limbo CMS Private Messaging Component Remote SQL Injection Vulnerability. StAkeRathotmaildotit http://www.limboportal.com/index.php/option/downloads/task/download/id/108...