CVE-2007-3689

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

Design/Logic Flaw

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

CVE-2007-3690

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

CVE-2007-3690

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

CVE-2007-3689

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

CVE-2007-3690

CVE-2007-3690 affects Drupal’s Forward module (before 4.7-1.1 and before 5.x-1.0 for 5.x) where remote attackers can read restricted posts in modules such as Organic Groups, Taxonomy Access Control, and Taxonomy Access Lite by supplying modified URL arguments. The vulnerability is a cross-module ...

CVE-2007-3689

The CVE-2007-3689 issue affects Drupal’s Print module (pre-4.7-1.0 and pre-5.x-1.2). The underlying flaw allows remote attackers to read restricted posts via modified URL arguments in node access modules such as Organic Groups, Taxonomy Access Control, and Taxonomy Access Lite (and others). This ...

NavBoard 2.6.0 - Remote Code Execution

"; print ""; print ""; print "Main forum settings"; print ""; print "Board Title"; print ""; print ""; print ""; print "Admin email address blank will not display"; print ""; print "input ty...

CVE-2007-1893

xmlrpc xmlrpc.php in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publishposts functionality, which can be used to "publish a previously saved post."...

WordPress <= 2.1.2 - Security BYPASS

The authenticated users with the contributor role can bypass intended access restrictions and invoke the publishposts functionality. Solution Update the WordPress to the latest available version at least 2.1.3...

CVE-2006-7188

The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info'forum' variable...

CVE-2006-7188

The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info'forum' variable...

CVE-2006-7188

The CVE-2006-7188 entry concerns WebAPP by web-app.net. Affected component: the search.pl in cgi-lib/user-lib. Before 20060909, remote attackers could read internal forum posts by crafting certain requests, with the issue possibly tied to the $info{'forum'} variable. The provided sources confirm ...

Old-fashioned fruit machines to dig division techniques-vulnerability warning-the black bar safety net

The first pressure pounds, no matter front there is no people lose money BAR binary 3 7 watermelon bells papaya orange Apple Pressure note amount: 0 0 0 0 2 1 2 8 This pressure of the object is the washing machine, make it into a certain mode, the beginning of such pressure, will not lose many...

CVE-2006-6283

Multiple cross-site scripting XSS vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the subject field of 1 a private message PM or 2 a bulletin board post...

phpBB User Viewed Posts Tracker模块phpbb_root_path变量远程文件包含漏洞

phpBB是一种用PHP语言实现的基于Web的开放源码论坛程序，使用较为广泛。它支持多种数据库作为后端，如Oracle、MSSQL、MySql、PostGres等等。 phpBB的User Viewed Posts Tracker模块在处理用户请求时存在输入验证漏洞，远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。 phpBB的User Viewed Posts Tracker模块没有正确地验证phpbbrootpath参数的输入，允许攻击者通过包含本地或外部资源的任意文件导致执行任意PHP代码。漏洞代码如下： includeonce$phpbbrootpath...

Debian DSA-899-1 : egroupware - programming errors

Several vulnerabilities have been discovered in egroupware, a web-based groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-0870 Maksymilian Arciemowicz discovered several cross site scripting problems in phpsysinfo, which are also...

phpbbViewed10.txt

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= phpBB User Viewed Posts Tracker Version = 1.0 phpbbrootpath File Include Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Discovered by XORONturkish...

CVE-2006-5223

CVE-2006-5223 : Affected product: Nivisec User Viewed Posts Tracker module for phpBB (version 1.0 and earlier). Vulnerability : PHP remote file inclusion in includes/functions_user_viewed_posts.php via a URL supplied to the phpbb_root_path parameter, enabling remote PHP code execution. Impact : a...

CVE-2006-5223

PHP remote file inclusion vulnerability in includes/functionsuserviewedposts.php in the Nivisec User Viewed Posts Tracker module 1.0 and earlier for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...