The Latest in IT Security

Vanilla Forums Open Source Software Vulnerable to RCE, Host Header Injection Vulnerability

12
May
2017
Vanilla Forums Open Source Software Vulnerable to RCE, Host Header Injection Vulnerability

information-security_fzjp

Popular open source forum software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code.

Legal Hackers‘ Dawid Golunski found the vulnerabilities–a host header injection and an unauthorized remote code execution vulnerability–in software which is developed by Vanilla Forums.

Golunski reported the issues to Vanilla Forums in January and while a support team acknowledged his reports, he’s experienced five months of silence from the company since, something that prompted him to finally disclose the vulnerabilities Thursday via his ExploitBox.io service.

Read More

Leave a reply


Categories

SATURDAY, OCTOBER 20, 2018
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks