MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting

Exploit Title: MyBB Threads to Link Plugin v1.3 - Persistent XSS Date: 3/15/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=1065 Version: v1.3 Tested on: Ubuntu 17.10 CVE: CVE-2018-10365 1. Description...

MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting

MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting Exploit Title: MyBB Threads to Link Plugin v1.3 - Persistent XSS Date: 3/15/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=1065 Version: v1.3...

MyBB Threads To Link 1.3 Cross Site Scripting

Exploit Title: MyBB Threads to Link Plugin v1.3 - Persistent XSS Date: 3/15/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=1065 Version: v1.3 Tested on: Ubuntu 17.10 1. Description: When editing a...

MyBB Threads To Link 1.3 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: MyBB Threads to Link Plugin v1.3 - Persistent XSS Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=1065 Version: v1.3 Tested on: Ubuntu...

MyBB Recent Threads On Index Plugin - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: MyBB Recent threads Exploit Author: Perileos Software Link: https://community.mybb.com/mods.php?action=view&pid=191 Version: 17.0 Tested on: Windows 10 1. Description: This plugin shows recent threads in the side bar on your MyB...

MyBB Recent Threads On Index 17.0 Cross Site Scripting

Exploit Title: MyBB Recent threads Date: 4th April 2018 Exploit Author: Perileos Software Link: https://community.mybb.com/mods.php?action=view&pid=191 Version: 17.0 Tested on: Windows 10 1. Description: This plugin shows recent threads in the side bar on your MyBB forum. 2. Proof of concept:...

MyBB Plugin Recent Threads On Index - Cross-Site Scripting

Exploit Title: MyBB Recent threads Date: 4th April 2018 Exploit Author: Perileos Software Link: https://community.mybb.com/mods.php?action=view&pid=191 Version: 17.0 Tested on: Windows 10 1. Description: This plugin shows recent threads in the side bar on your MyBB forum. 2. Proof of concept:...

MyBB Plugin Recent Threads On Index - Cross-Site Scripting

MyBB Plugin Recent Threads On Index - Cross-Site Scripting Exploit Title: MyBB Recent threads Date: 4th April 2018 Exploit Author: Perileos Software Link: https://community.mybb.com/mods.php?action=view&pid=191 Version: 17.0 Tested on: Windows 10 1. Description: This plugin shows recent threads i...

CVE-2017-14880

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable "numq6rule" does not have a mut...

Code injection

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable "numq6rule" does not have a mut...

CVE-2017-14880

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable "numq6rule" does not have a mut...

Race condition

Due to a race condition in MDSS rotator in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-20, a double free vulnerability may potentially exist when two threads free the same perf structures...

CVE-2017-18249

The addfreenid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service race condition or possibly have unspecified other impact via concurrent threads...

DEBIAN-CVE-2017-18249

The addfreenid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service race condition or possibly have unspecified other impact via concurrent threads...

CVE-2017-18249

The addfreenid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service race condition or possibly have unspecified other impact via concurrent threads...

SubOver - A Powerful Subdomain Takeover Tool

Subover is a Hostile Subdomain Takeover tool designed in Python. From start, it has been aimed with speed and efficiency in mind. Till date, SubOver detects 36 services which is much more than any other tool out there. The tool is multithreaded and hence delivers good speed. It can easily detect...

MyBB Last Users Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: MyBB Last User's Threads in Profile Plugin v1.2 - Persistent XSS Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=910 Version: v1.2 Tested...

What are Hung Threads and why is the StreamProcess terminating?

On PVS Servers StreamProcess Hung Threads can lead to poor performance, constant target re-connections and even full outages. These Hung Threads are usually detected by looking at the Windows Application Event logs. The following Events will be recorded: Level| Source| Id| Text ---|---|---|---...

Arjun - Tool To Find Hidden GET & POST Parameters

Arjun is a python script for finding hidden GET & POST parameters using regex and bruteforce. Dependencies requests threading Usages Here's how you can scan a webpage for get parameters python arjun.py -u http://example.com/index.php --get For POST, just use the --post flag. To specify the number...

CVE-2018-7998

In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vipsregiongenerate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race conditi...