CVE-2008-0664

The XML-RPC implementation xmlrpc.php in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors...

WordPress 2.3.1 - Unauthorized Post Access

WordPress 2.3.1 - Unauthorized Post Access source: https://www.securityfocus.com/bid/26885/info WordPress is prone to a vulnerability that lets unauthorized users read draft posts before they have been published. This issue affects WordPress 2.3.1; other versions may also be affected. NOTE: This...

DEBIAN-CVE-2007-5710

Cross-site scripting XSS vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the postscolumns array parameter...

CVE-2007-5710

Cross-site scripting XSS vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the postscolumns array parameter...

CVE-2007-5710

Cross-site scripting XSS vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the postscolumns array parameter...

jspwiki-xss.txt

Application: JSPWiki Multiple Vulnerabilities Version: 2.4.103 and 2.5.139 Credit: Jason Kratzer Date: 9/24/2007 Background ------------------------------------------------------------ JSPWiki is wiki software built around the standard J2EE components of Java, servlets and JSP. It was written by...

Code injection

The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to 1 obtain sensitive via the Tracker Module and the Recent posts page; 2 obtain project...

Project and Project issue tracking - Access bypass

The Project and Project issue tracking modules provide a series of permissions to control access to projects and issues: "access projects", "access own projects", "access project issues" and "access own project issues". While these permissions correctly prevent users from viewing the entire proje...

Design/Logic Flaw

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

CVE-2007-3689

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

CVE-2007-3690

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

CVE-2007-3690

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

CVE-2007-3689

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

CVE-2007-3690

CVE-2007-3690 affects Drupal’s Forward module (before 4.7-1.1 and before 5.x-1.0 for 5.x) where remote attackers can read restricted posts in modules such as Organic Groups, Taxonomy Access Control, and Taxonomy Access Lite by supplying modified URL arguments. The vulnerability is a cross-module ...

CVE-2007-3689

The CVE-2007-3689 issue affects Drupal’s Print module (pre-4.7-1.0 and pre-5.x-1.2). The underlying flaw allows remote attackers to read restricted posts via modified URL arguments in node access modules such as Organic Groups, Taxonomy Access Control, and Taxonomy Access Lite (and others). This ...

NavBoard 2.6.0 - Remote Code Execution

"; print ""; print ""; print "Main forum settings"; print ""; print "Board Title"; print ""; print ""; print ""; print "Admin email address blank will not display"; print ""; print "input ty...

CVE-2007-1893

xmlrpc xmlrpc.php in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publishposts functionality, which can be used to "publish a previously saved post."...

WordPress <= 2.1.2 - Security BYPASS

The authenticated users with the contributor role can bypass intended access restrictions and invoke the publishposts functionality. Solution Update the WordPress to the latest available version at least 2.1.3...

CVE-2006-7188

The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info'forum' variable...

CVE-2006-7188

The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info'forum' variable...