Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
facebook vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2018-6340
The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported versions of HHVM (3.30 and 3.27.4 and below).
Facebook Hhvm
Facebook Hhvm 3.30
445
VMScore
CVE-2013-4593
RubyGem omniauth-facebook has an access token security vulnerability
Omniauth-facebook Project Omniauth-facebook
945
VMScore
CVE-2008-5711
Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and previous versions allows remote malicious users to execute arbitrary code via a long FileMask property value.
Facebook Photouploader 4.5.57.0
Facebook Photouploader
3 EDB exploits
605
VMScore
CVE-2014-9524
Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin prior to 2.8.3 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) change plugin settings via unspeci...
Facebook Like Box Project Facebook Like Box
312
VMScore
CVE-2018-6858
Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script.
Facebook Clone Script Project Facebook Clone Script 1.0.5
655
VMScore
CVE-2017-17615
Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.
Facebook Clone Script Project Facebook Clone Script 1.0
1 EDB exploit
312
VMScore
CVE-2018-5214
The "Add Link to Facebook" plugin up to and including 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php.
Add Link To Facebook Project Add Link To Facebook
481
VMScore
CVE-2014-7376
The Facebook Profits on Steroids (aka com.wFacebookProfitsonSteroids) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Facebook Profits On Steroids Project Facebook Profits On Steroids 0.1
312
VMScore
CVE-2022-0209
The Mitsol Social Post Feed WordPress plugin prior to 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disa...
Facebook-wall-and-social-integration Project Facebook-wall-and-social-integration
312
VMScore
CVE-2015-3390
Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors.
Facebook Album Fetcher Project Facebook Album Fetcher 7.x-1.x-dev
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »