365 matches found
CVE-2009-4174
The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews...
SA-CONTRIB-2009-045: Moderation - Cross Site Request Forgery
The Moderation module uses Ajax to provide a dynamic moderation queue for nodes and comments. The module is vulnerable to cross-site request forgeries (CSRF) via the AJAX hooks used to toggle the moderation bit. It allows a non-administrative user to trick an admin into publishing arbitrary moderat...
RHEL 5 : php (RHSA-2009:0338)
Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A...
CVE-2008-6567
Multiple cross-site scripting (XSS) vulnerabilities in Gallarific Free Edition allow remote attackers to inject arbitrary web script or HTML via (1) the e-mail address, (2) a comment, which is not properly handled during moderation, and (3) the tag parameter to gallery/tags.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Gallarific Free Edition allow remote attackers to inject arbitrary web script or HTML via (1) the e-mail address, (2) a comment, which is not properly handled during moderation, and (3) the tag parameter to gallery/tags.php...
CVE-2008-6098
Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve."...
CVE-2008-6098
CVE-2008-6098 affects Bugzilla variants (e.g., Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and related versions). The vulnerability lets remote authenticated users bypass moderation to approve/disapprove quips via a direct request to quips.cgi with actio...
Discuz! moderation.inc.php database 'injection' vulnerability
Code in the file include/moderation.inc.php: $threadlist = $loglist = array; if$tids = implodeids$moderate $query = $db-query"SELECT FROM $tableprethreads WHERE tid IN $tids AND fid='$fid' AND displayorder='0' AND digest='0' LIMIT $tpp"; while$thread = $db-fetcharray$query ... $threadlist$thread'tid' =...
addalink <= 4 Write Approved Links Remote Vulnerability
Exploit for unknown platform in category web applications: addalink <= 4 Write Approved Links Remote Vulnerability...
CVE-2008-3966
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functionsonline.php, and certain (3) tsubject and (4) psubject fiel...
vBulletin 3.7.1 - Moderation Control Panel redirect Cross-Site Scripting
vBulletin 3.7.1 - Moderation Control Panel redirect Cross-Site Scripting source: https://www.securityfocus.com/bid/29817/info vBulletin is prone to a cross-site scripting vulnerability that occurs in the MCP moderation control panel because the application fails to properly sanitize user-supplied...
vBulletin 3.7.1 - Moderation Control Panel 'redirect' Cross-Site Scripting
source: https://www.securityfocus.com/bid/29817/info vBulletin is prone to a cross-site scripting vulnerability that occurs in the MCP moderation control panel because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...
WordPress Core 2.3.1 - Charset SQL Injection
=== WordPress Charset SQL Injection Vulnerability === Release date: 2007-12-10 Last modified: 2007-12-12 Source: Abel Cheung Affected version: WordPress = 2.3.1 Exploit type: Remote Risk: Moderate CVE: pending Reference: http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt 1. Summary...
Phorum 5.1.20 - '/include/controlcenter/users.php' Multiple Method Privilege Escalations
source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently...
Sql injection
SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter...
CVE-2006-0638
SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter...
MyBB 1.0.3 - 'moderation.php' SQL Injection
source: https://www.securityfocus.com/bid/16538/info MyBB is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploitation can allow an attacker to bypass authentication and gain administrative access to a site, modify data...