Vanilla Forums < 2.3 - Remote Code Execution Vulnerability
Description: Vanilla Forums software (including the latest stable version of 2.3 in its default configuration) is affected by Host Header Injection (CVE-2016-10073), which can be exploited by unauthenticated remote attackers to potentially intercept the password reset hash and gain unauthorized access to the victim account, or to perform web-cache poisoning attacks.
Impact: With victim user interaction, an attacker could potentially intercept the password reset hash. This vulnerability may also lead to web-cache poisoning if the Host header is used to form links in web responses. See references for more details on this vector.
Mitigation: Updates are available. Please see the references for more information.
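The bug class described above, shown as an added example (not Vanilla Forums code and not taken from the advisory): a reset link built from the request's Host header beside one built from server-side configuration, plus a Host allowlist check. The origin, hostnames, token and `/reset-password` path are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: canonical origin and served hostnames come from server-side
// configuration. These values are hypothetical, not from the advisory.
const CANONICAL_ORIGIN = 'https://forum.example.org';
const ALLOWED_HOSTS = ['forum.example.org', 'www.forum.example.org'];

// Vulnerable pattern: the link host is whatever the client sent in Host.
function resetLinkFromHostHeader(array $server, string $token): string
{
    return 'https://' . $server['HTTP_HOST'] . '/reset-password?token=' . rawurlencode($token);
}

// Hardened pattern: the link is built only from configuration.
function resetLinkFromConfig(string $token): string
{
    return CANONICAL_ORIGIN . '/reset-password?token=' . rawurlencode($token);
}

// Defence in depth: refuse requests whose Host is not one the site serves,
// which also keeps client-chosen hosts out of cacheable responses.
function hostIsAllowed(array $server): bool
{
    $host = strtolower((string)($server['HTTP_HOST'] ?? ''));
    // Accept only hostname[:port]; anything else (userinfo, spaces, ...) fails.
    if (!preg_match('/^([a-z0-9.-]+)(?::\d{1,5})?\z/', $host, $m)) {
        return false;
    }
    return in_array($m[1], ALLOWED_HOSTS, true);
}

// Constructed sample requests and token.
$token = 'constructed-sample-token';
$requests = [
    ['HTTP_HOST' => 'forum.example.org'],
    ['HTTP_HOST' => 'forum.example.org:443'],
    ['HTTP_HOST' => 'other-site.example'],
    ['HTTP_HOST' => 'forum.example.org@other-site.example'],
];

foreach ($requests as $server) {
    echo 'Host: ', $server['HTTP_HOST'], PHP_EOL;
    echo '  allowed:   ', hostIsAllowed($server) ? 'yes' : 'no', PHP_EOL;
    echo '  from Host: ', resetLinkFromHostHeader($server, $token), PHP_EOL;
    echo '  from cfg:  ', resetLinkFromConfig($token), PHP_EOL;
}
```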