CVE-2026-33398
NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/get_quotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...
CVE-2026-33398 Authenticated users can read hidden forum posts through `/forum/get_quotes`
NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/get_quotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...
CVE-2026-33398
NamelessMC 2.2.4 is affected by an insecure access control in modules/Forum/pages/forum/get_quotes.php, which only checks that a caller is logged in and reads a post by an attacker-controlled post ID. The backend helper in modules/Forum/classes/Forum.php does not enforce forum or topic ACLs, allo...
EUVD-2026-33949
NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/get_quotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...
EUVD-2010-3695
Malware in sbrugna...
CVE-2025-58597
Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through = 2.4.6...
CVE-2022-25091
Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature...
CVE-2021-32472
Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected...
CVE-2010-3713
rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed...
Forum Access - Critical - Arbitrary PHP code execution - SA-CONTRIB-2023-035
This module changes your forum administration page to allow you to set forums private. You can control what user roles can view, edit, delete, and post to each forum. You can also give each forum a list of users who have administrative access on that forum AKA moderators. This module requires the...
DRUPAL-CONTRIB-2019-046
In certain circumstances it is possible that certain forum information is available to unprivileged users because the access check is done with node access instead of grants. This vulnerability is mitigated by the fact that the module itself does not disclose information but only if there are...
Privilege Escalation
Moodle is vulnerable to privilege escalation attacks. The attacks exist because getforumdiscussions in mod/forum/externallib.php does not check for group permissions, allowing any authenticated users without permissions to get forum access...
The vulnerability of the Moodle learning management system allows a hacker to modify data within arbitrary groups.
The vulnerability of the Moodle learning management system’s Forum module is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to modify data within arbitrary groups, thereby increasing their own influence as “teachers”...
Moodle 2.7.x < 2.7.10 / 2.8.x < 2.8.8 / 2.9.x < 2.9.2 Multiple Vulnerabilities
Design/Logic Flaw
mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forumgetdiscussions web service...
CVE-2014-7834
mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forumgetdiscussions web service...
Mandriva Linux Security Advisory : drupal (MDVSA-2013:074)
Updated drupal packages fix security vulnerabilities : Drupal core's text filtering system provides several features including removing inappropriate HTML tags and automatically linking content that appears to be a link. A pattern in Drupal's text matching was found to be inefficient with certain...
vBulletin Announcements Cookie Steal Vulnerability
If you get access to a forum with an acc that only has default acp, you can get all users information by creating a cookie stealer in announcements. vBulletin Announcements, by default has html enabled, so if you get access to a forum using other exploits and get a user with acp info, but it only...
snitz-sql.txt
WwW.BugReport.IR AmnPardaz Security Research & Penetration Testing Group Title: A user can gain admin level in snitz 2000 by SQL Injection vendor: http://forum.snitz.com/ Googling: "Powered by Snitz" 2,440,000 victims Last bug report in 2007-02-16 with 4692 visitors Exploit: Available Fix...
vBulletin Mod RPG Inferno 2.4 - 'inferno.php' SQL Injection
RPG Inferno v2.4 SQL Injection Vulnerability. AUTHOR: t0pP8uZz & xprog. SITE:...