security vulnerability

  1. TimWilson

    Identifying ACTUAL inactive accounts, and requiring 2FA

    We've had a few recent problems with old accounts being hacked for the purpose of "selling" goods (i.e., scamming) in our member-to-member marketplace using these stolen identities. (The amounts are in the low thousands of dollars each, so it's serious.) Our forum has been around for 17 years...
  2. GhostyCeh

    Not a bug Getting user's ip

    Insert image that redirects to iplogger by using image by URL and just wait for them to download the image
  3. ibnesayeed

    Not a bug XSS vulnerability in jQuery version used in XF 1.5

    XF 1.5.21 (and some older versions) use jQuery 1.11.0 which has a known XSS security vulnerability of medium severity. https://snyk.io/vuln/npm:jquery:20150627
  4. wen2018

    XF 2.0 How not to embed Google Analytics in conversation pages?

    I don't think conversations need to be sniffed by Google Analytics, so is there a way to exclude Google Analytics from conversation pages? Maybe wrapping <xen:if is="{$isConversation}"> around the analytics template works, but what would the isConversation variable be?
  5. Alpha1

    Lack of interest Error Reports without security sensitive details

    When posting Error Reports in public forums like xenforo.com or a developers' forum it's unwise to post raw error reports, as that will expose server details, user details and XenForo details of the website, which can be abused by hackers. The report itself could still show the full details, but...
  6. jOOc

    CloudBleed HTTPS traffic leak

    Between 2016-09-22 - 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months...
  7. Adrian Perez

    Where to report security issues?

    I've found a minor-to-medium security issue on XenForo's default install, I've been searching for resources for responsible disclosure of this, but I haven't been able to find any. Please let me know.
  8. Chris D

    Potential FFmpeg security vulnerability

    It recently came to our attention that there is a potential vulnerability in FFmpeg which has the potential to be exploited via XenForo Media Gallery if you have FFmpeg features enabled (or are using any other code that uses FFmpeg). The issue is exploitable by using a specially constructed...
  9. O

    XF 1.5 1.5.4 - What was the specially crafted profile post for the security vulnerability?

    Just out of curiosity, what was the specially crafted profile post that triggered the security vulnerability?
  10. Alpha1

    Duplicate Remove Flash from XF: security warning on XenForo.com

    Browsers like Firefox are blocking Adobe Flash and showing a security warning: "Firefox has prevented the unsafe plugin 'Adobe Flash' from loading on xenforo.com". Meanwhile Facebook is calling on Adobe to kill Flash and states that it's no longer a risk worth taking. I suggest to remove Flash...
  11. Amaury

    Possible Security Vulnerability with Adobe Flash

    If you're running 18.0.0.203, you're fine. Anything below and you should update as soon as possible. You can check your version here: Adobe - Flash Player Credit to a friend of mine from another forum: Adobe Flash possibly compromised | KH-Vids | Your ultimate source for Kingdom Hearts media...
  12. X

    DNS lookup vulnerability (CVE-2015-0235) in glibc (XF is a vector when on Linux)

    Info: http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 This issue affects anyone doing DNS lookups, including reverse DNS lookups. XenForo explicitly does DNS lookups of IPs at registration time, and as such...