6 matches found
EUVD-2022-2500
Malicious code in bioql PyPI...
CVE-2005-4853
The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings...
Valve: Read Access to all comments on unauthorized forums' discussions! IDOR!
hi, For a forum's discussion, only moderator+ ranks are allowed to view comments which have been deleted by a officer/moderator . I have found an issue where a member who is not allowed to view deleted comments can get read access to the deleted comments on a forum's discussion. Also, a non-membe...
CVE-2006-5729
The CVE-2006-5729 entry concerns Yazd Discussion Forum prior to version 3.0 beta, where a mismanaged permission model allows remote authenticated users to (1) reply to a message in an arbitrary forum if they can create a message in any forum, and (2) perform certain unauthorized forum actions due...
CVE-2006-5729
Yazd Discussion Forum before 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to 1 reply to a message in an arbitrary forum, if authorized to create a message in any forum; and 2 perform certain unauthorized forum actions, related to an "error in how th...
e107 0.6 forum_post.php create new topics in non-existing forums
Hello, The e107 is an open-source, PHP and SQL based portal and content management system1. The user Tron2 of my website3 has detected an issue in forumpost.php. If you want to create a new topic you will get to forumpost.php?nt.13 where an integer the id of the forum represents. Because there is...