Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) session.nwd under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such ...

admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and sp...