4096 matches found
SA-2007-030 - Drupal Core - API handling of unpublished comment.
The publication status of comments is not passed during the hook_comments API operation, causing various modules that rely on the publication status, such as Organic groups or Subscriptions, to mail out unpublished comments. Versions affected: Drupal 4.7.x before version 4.7.8; Drupal 5.x before...
Design/Logic Flaw
The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...
CVE-2007-3690
The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...
Print - Access bypass
Print is a module that allows site administrators to produce a "print friendly" version of a posting. By manipulating URL arguments, authenticated and anonymous users are able to access posts that should have been restricted by a node access module such as Organic Groups, Taxonomy Access Control,...
Assign Groups to Project Role screen allows entry of users as groups
When assigning groups to a project role, the screen allows the user to specify a group that is really a user name...
CVE-2007-2339
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group...
Phorum 5.1.20 - admin.php?module[] Full Path Disclosure
Phorum 5.1.20 - admin.php?module Full Path Disclosure source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting...
Ettercap-NG 0.7.3 - Remote Denial of Service
/ WARNING WARNING WARNING THIS PACKAGE CONTAINS AN 0DAY. NO ONE CAN BE HELD RESPONSIBLE IF THIS CODE RAPES YOUR SISTER OR MOLESTS YOUR DOG. WARNING WARNING WARNING THE ONE PACKET ETTERCAP KILLER NOW IN A SMALLER PACKAGE! If you want to know how this works then figure it out yourself. Tested with...
Information disclosure
The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague...
Mambo Component nfnaddressbook 0.4 - Remote File Inclusion
Mambo Component nfnaddressbook 0.4 - Remote File Inclusion MAMBO & Joomla NFN Address Book v0.4 nfnaddressbook.php Remote File Include Vulnerabilities script : http://mamboxchange.com/frs/download.php/8191/comnfnaddressbook.zip About : The NFN Address Book manages lists of contacts that can be...
Mambo Component nfnaddressbook 0.4 - Remote File Inclusion
MAMBO & Joomla NFN Address Book v0.4 nfnaddressbook.php Remote File Include Vulnerabilities script : http://mamboxchange.com/frs/download.php/8191/comnfnaddressbook.zip About : The NFN Address Book manages lists of contacts that can be split into groups and allows for hiding of private contacts...
Mambo Component nfnaddressbook 0.4 Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Mambo Component nfnaddressbook 0.4 Remote File Inclusion Vulnerability. MAMBO & Joomla NFN Address...
CVE-2007-0557
rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536...
Design/Logic Flaw
The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges...
CVE-2007-0536
The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges...
CVE-2006-3811
Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1)...
Design/Logic Flaw
utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action...
CVE-2006-2737
utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action...