security vulnerability

  1. Alfa1

    Error Reports without security sensitive details

    When posting Error Reports in public forums like xenforo.com or a developer's forum it's unwise to post raw error reports as that will expose server details, user details and XenForo details of the website, which can be abused by hackers. The report itself could still show the full details. but...
  2. jOOc

    CloudBleed HTTPS traffic leak

    Between 2016-09-22 - 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months...
  3. Adrian Perez

    Where to report security issues?

    I've found a minor-to-medium security issue on XenForo's default install, I've been searching for resources for responsible disclosure of this, but I haven't been able to find any. Please let me know.
  4. Chris D

    Potential FFmpeg security vulnerability

    It recently came to our attention that there is a potential vulnerability in FFmpeg which has the potential to be exploited via XenForo Media Gallery if you have FFmpeg features enabled (or are using any other code that uses FFmpeg). The issue is exploitable by using a specially constructed...
  5. O

    XF 1.5 1.5.4 - What was the specially crafted profile post for the security vulnerability?

    Just out of curiosity, what was the specially crafted profile post that triggered the security vulnerability?
  6. Alfa1

    Duplicate Remove Flash from XF: security warning on XenForo.com

    Browsers like Firefox are blocking Adobe Flash and showing a security warning: Firefox has prevented the unsafe plugin "Adobe Flash" from loading on xenforo.com Meanwhile Facebook is calling on Adobe to kill Flash and states that it's no longer a risk worth taking. I suggest to remove Flash...
  7. Amaury

    Possible Security Vulnerability with Adobe Flash

    If you're running 18.0.0.203, you're fine. Anything below and you should update as soon as possible. You can check your version here: Adobe - Flash Player Credit to a friend of mine from another forum: Adobe Flash possibly compromised | KH-Vids | Your ultimate source for Kingdom Hearts media...
  8. X

    DNS lookup vulnerability (CVE-2015-0235) in glibc (XF is a vector when on Linux)

    Info: http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 This issue affects anyone doing DNS lookups, including reverse DNS lookups. XenForo explicitly does DNS lookups of IPs at registration time, and as such...