Vanilla Forums Other Vulnerability (CVE-2011-0910)

Description

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.

Remediation

References

CVE-2011-0910

Related Vulnerabilities

WordPress Plugin MapSVG Lite Arbitrary File Disclosure (4.2.3.1)

WordPress Plugin W3 Total Cache Multiple Unspecified Vulnerabilities (0.9.5.1)

Oracle Database Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6477)

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-0448)

WordPress Plugin Advanced post slider Unspecified Vulnerability (2.4.0)

Severity

Medium

Classification