Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
facebook vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2008-5711
Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and previous versions allows remote malicious users to execute arbitrary code via a long FileMask property value.
Facebook Photouploader 4.5.57.0
Facebook Photouploader
3 EDB exploits
4.3
CVSSv2
CVE-2018-6332
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests...
Facebook Hhvm 3.24.3
Facebook Hhvm
6.8
CVSSv2
CVE-2018-6340
The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported versions of HHVM (3.30 and 3.27.4 and below).
Facebook Hhvm
Facebook Hhvm 3.30
6.8
CVSSv2
CVE-2014-9524
Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin prior to 2.8.3 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) change plugin settings via unspeci...
Facebook Like Box Project Facebook Like Box
3.5
CVSSv2
CVE-2018-6858
Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script.
Facebook Clone Script Project Facebook Clone Script 1.0.5
6.5
CVSSv2
CVE-2017-17615
Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.
Facebook Clone Script Project Facebook Clone Script 1.0
1 EDB exploit
3.5
CVSSv2
CVE-2018-5214
The "Add Link to Facebook" plugin up to and including 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php.
Add Link To Facebook Project Add Link To Facebook
5.4
CVSSv2
CVE-2014-7376
The Facebook Profits on Steroids (aka com.wFacebookProfitsonSteroids) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Facebook Profits On Steroids Project Facebook Profits On Steroids 0.1
3.5
CVSSv2
CVE-2022-0209
The Mitsol Social Post Feed WordPress plugin prior to 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disa...
Facebook-wall-and-social-integration Project Facebook-wall-and-social-integration
3.5
CVSSv2
CVE-2015-3390
Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors.
Facebook Album Fetcher Project Facebook Album Fetcher 7.x-1.x-dev
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »