Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21083
HistoryDec 26, 2008 - 12:00 a.m.

Personal Sticky Threads v1.0.3c vbulletin Add-on problem

2008-12-2600:00:00
vulners.com
9
JSON

Personal Sticky Threads is an addon for vbulletin that allows users to create personal stickies. There appears to be a small problem when toggling the personal sticky on a thread you do not have persmission to access.

If I am denied persmission to:

http://forums.somesite.com/showthread.php?t=7

Toggling personal stickies for the thread to on I am able to view the thread title, author, and pages:

http://forums.somesite.com/misc.php?do=togglestick&thread=47

This does not allow me access to the thread but does display information not intended to be viewed by me :)

JSON