6072 matches found
Design/Logic Flaw
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter...
CVE-2010-0682
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter...
CVE-2010-0682
WordPress 2.9.x is affected: before 2.9.2, remote authenticated users could read trash posts from other authors via a direct request using a modified p parameter (CVE-2010-0682). Fedora/OpenVAS advisories document this issue and indicate that upgrading to upstream WordPress 2.9.2 fixes it (with C...
WordPress Core 2.9 - Failure to Restrict URL Access
WordPress = 2.9 Failure to Restrict URL Access http://www.thomasmackenzie.co.uk/ 1. Advisory Information Title: WordPress = 2.9 Failure to Restrict URL Access Date published: 2. Vulnerability Information Class: Failure to Restrict URL Access Remotely Exploitable: Yes Locally Exploitable: Yes 3...
PT-2009-6201 · Php +2
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.2.12 PHP versions 5.3.x prior to 5.3.1 Description: The issue allows remote attackers to cause a denial of service due to resource exhaustion by creating multiple temporary files when handling a multipart/form-data POS...
CVE-2008-6650
del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary posts via a direct request with a modified postid parameter, a different vulnerability than CVE-2008-4628...
Moodle CMS Multiple Vulnerabilities
This host is running Moodle CMS and is prone to Multiple Vulnerabilities. OpenVAS Vulnerability Test $Id: gbmoodlecmsmultvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ Moodle CMS Multiple Vulnerabilities Authors: Sujit Ghosal Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
EZ-Blog beta1 - Delete All Posts SQL Injection
EZ-Blog beta1 - Delete All Posts SQL Injection Salvatore "drosophila" Fresta Application: EZ-Blog http://sourceforge.net/projects/ez-blog/ Version: Beta 1 Bug: Multiple SQL Injection Exploitation: Remote Date: 1 Mar 2009 Discovered by: Salvatore "drosophila" Fresta Author: Salvatore "drosophila"...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php...
CVE-2009-0499
Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php...
CVE-2009-0383
delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request...
CVE-2008-5846
Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen."...
MyBB 1.4.3 my_post_key Disclosure Vulnerability
MyBB 1.4.3 my_post_key Disclosure Vulnerability by NBBN http://nbbnsblog.co.cc Vendor: http://mybboard.net Date: November 25, 2008 These URLs contain "my_post_key". Moderators and admins use these sometimes, depending on what they want to do with a thread. my_post_key is used to perform various action...
Unfixed XSS vulnerability at darkstar.me.uk
Security researcher C1c4Tr1Z submitted on 11/07/2008 a cross-site-scripting (XSS) vulnerability affecting darkstar.me.uk, which at the time of submission ranked 8418439 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/07/2008. It is...