Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vanilla forums vulnerabilities and exploits
(subscribe to this query)
505
VMScore
CVE-2016-10073
The from method in library/core/class.email.php in Vanilla Forums prior to 2.3.1 allows remote malicious users to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.
Vanillaforums Vanilla
1 EDB exploit
1 Article
570
VMScore
CVE-2011-0910
The cookie implementation in Vanilla Forums prior to 2.0.17.6 makes it easier for remote malicious users to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.
Vanillaforums Vanilla 2.0.10
Vanillaforums Vanilla 2.0.11
Vanillaforums Vanilla 2.0.12
Vanillaforums Vanilla 2.0.13
Vanillaforums Vanilla 2.0.17
Vanillaforums Vanilla 2.0.17.1
Vanillaforums Vanilla 2.0.17.2
Vanillaforums Vanilla 2.0.17.3
Vanillaforums Vanilla 2.0.15
Vanillaforums Vanilla 2.0.9
Vanillaforums Vanilla 2.0.17.4
Vanillaforums Vanilla 2.0.14
Vanillaforums Vanilla 2.0.16
Vanillaforums Vanilla
383
VMScore
CVE-2011-0909
Cross-site scripting (XSS) vulnerability in Vanilla Forums prior to 2.0.17.6 allows remote malicious users to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526.
Vanillaforums Vanilla 2.0.17.2
Vanillaforums Vanilla 2.0.17.3
Vanillaforums Vanilla 2.0.17.4
Vanillaforums Vanilla
Vanillaforums Vanilla 2.0.12
Vanillaforums Vanilla 2.0.13
Vanillaforums Vanilla 2.0.14
Vanillaforums Vanilla 2.0.15
Vanillaforums Vanilla 2.0.10
Vanillaforums Vanilla 2.0.9
Vanillaforums Vanilla 2.0.17.1
Vanillaforums Vanilla 2.0.11
Vanillaforums Vanilla 2.0.16
Vanillaforums Vanilla 2.0.17
383
VMScore
CVE-2011-0526
Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums prior to 2.0.17 allows remote malicious users to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action.
Vanillaforums Vanilla 2.0.13
Vanillaforums Vanilla 2.0.14
Vanillaforums Vanilla 2.0.15
Vanillaforums Vanilla 2.0.9
Vanillaforums Vanilla 2.0.10
Vanillaforums Vanilla 2.0.12
Vanillaforums Vanilla
Vanillaforums Vanilla 2.0.11
383
VMScore
CVE-2011-1009
Vanilla Forums 2.0.17.1 up to and including 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.
Vanillaforums Vanilla
445
VMScore
CVE-2011-3613
An issue exists in Vanilla Forums prior to 2.0.17.9 due to the way cookies are handled.
Vanillaforums Vanilla
668
VMScore
CVE-2011-3614
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums prior to 2.0.17.9.
Vanillaforums Vanilla
435
VMScore
CVE-2012-6557
Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote malicious users to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/...
Zodiacdm Aboutme-plugin 1.1.1
1 EDB exploit
435
VMScore
CVE-2012-6555
Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote malicious users to inject arbitrary web script or HTML via the discussion title.
Vanillaforums Latestcomment 1.1
1 EDB exploit
NA
CVE-2013-2749
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3528. Reason: This candidate is a reservation duplicate of CVE-2013-3528. Notes: All CVE users should reference CVE-2013-3528 instead of this candidate. All references and descriptions in this candidate have ...
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »