6174 matches found
MyBB 1.4.3 my_post_key Disclosure Vulnerability
MyBB 1.4.3 my_post_key Disclosure Vulnerability by NBBN http://nbbnsblog.co.cc Vendor: http://mybboard.net Date: November 25, 2008 These URLs contain "my_post_key". Moderators and admins use these sometimes, depending on what they want to do with a thread. my_post_key is used to perform various action...
Unfixed XSS vulnerability at darkstar.me.uk
Security researcher C1c4Tr1Z submitted on 11/07/2008 a cross-site scripting (XSS) vulnerability affecting darkstar.me.uk, which at the time of submission ranked 8418439 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/07/2008. It is...
CVE-2008-2793
SQL injection vulnerability in groupposts.php in ClipShare before 3.0.1 allows remote attackers to execute arbitrary SQL commands via the tid parameter...
DEBIAN-CVE-2008-0664
The XML-RPC implementation xmlrpc.php in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors...
CVE-2008-0664
The XML-RPC implementation xmlrpc.php in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors...
WordPress 2.3.1 - Unauthorized Post Access
WordPress 2.3.1 - Unauthorized Post Access source: https://www.securityfocus.com/bid/26885/info WordPress is prone to a vulnerability that lets unauthorized users read draft posts before they have been published. This issue affects WordPress 2.3.1; other versions may also be affected. NOTE: This...
CVE-2007-5710
Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter...
DEBIAN-CVE-2007-5710
Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter...
jspwiki-xss.txt
Application: JSPWiki Multiple Vulnerabilities Version: 2.4.103 and 2.5.139 Credit: Jason Kratzer Date: 9/24/2007 Background: JSPWiki is wiki software built around the standard J2EE components of Java, servlets and JSP. It was written by...
Code injection
The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to (1) obtain sensitive information via the Tracker Module and the Recent posts page; (2) obtain project...
Project and Project issue tracking - Access bypass
The Project and Project issue tracking modules provide a series of permissions to control access to projects and issues: "access projects", "access own projects", "access project issues" and "access own project issues". While these permissions correctly prevent users from viewing the entire proje...
Design/Logic Flaw
The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...
CVE-2007-3689
The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...
CVE-2007-3690
The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...
CVE-2007-3689
The CVE-2007-3689 issue affects Drupal’s Print module (pre-4.7-1.0 and pre-5.x-1.2). The underlying flaw allows remote attackers to read restricted posts via modified URL arguments in node access modules such as Organic Groups, Taxonomy Access Control, and Taxonomy Access Lite (and others). This ...
CVE-2007-3690
CVE-2007-3690 affects Drupal’s Forward module (before 4.7-1.1 and before 5.x-1.0 for 5.x) where remote attackers can read restricted posts in modules such as Organic Groups, Taxonomy Access Control, and Taxonomy Access Lite by supplying modified URL arguments. The vulnerability is a cross-module ...
NavBoard 2.6.0 - Remote Code Execution
"; print ""; print ""; print "Main forum settings"; print ""; print "Board Title"; print ""; print ""; print ""; print "Admin email address blank will not display"; print ""; print "input ty...