I've just found many bugs around access control in *newbb*.
-- a moderator can moderate any forum
-- anyone can post into any locked topic
-- anyone can read any post in the private forums
Though these are not "vulnerabilities", they might be a problem if you rely on *newbb*'s access control system.
I've just fixed them in xhnewbb.
But there are many modules other than xhnewbb based on newbb.
If you are a developer of such a module, please check it.
This is the cause:
structure:
forum - topic_id - post_id
wrong check:
permission is checked against the 'forum' value taken from the request
If someone requests an unrestricted 'forum' together with a restricted 'topic_id'/'post_id', he can perform any action allowed in the unrestricted forum.
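The wrong check next to a corrected one, as an added example (not code from newbb or xhnewbb). All function names and the in-memory arrays standing in for the forum, topic and post tables are hypothetical. The corrected version resolves post_id -> topic_id -> forum from stored data instead of trusting the 'forum' parameter.

```php
<?php
// Constructed sample data. Forum 1 is public, forum 2 is private.
$forums = [1 => ['private' => false], 2 => ['private' => true]];
$topics = [10 => ['forum_id' => 1], 20 => ['forum_id' => 2]];
$posts  = [100 => ['topic_id' => 10], 200 => ['topic_id' => 20]];
$forumMembers = [2 => [7]]; // user ids allowed into private forums

function canReadForum(int $forumId, int $uid): bool
{
    global $forums, $forumMembers;
    if (!isset($forums[$forumId])) {
        return false;
    }
    return !$forums[$forumId]['private']
        || in_array($uid, $forumMembers[$forumId] ?? [], true);
}

// Wrong check: permission is decided from the 'forum' request parameter,
// but the post is looked up by 'post_id' with no link between the two.
function canReadPostWrong(array $req, int $uid): bool
{
    global $posts;
    return isset($posts[(int)$req['post_id']])
        && canReadForum((int)$req['forum'], $uid);
}

// Corrected check: derive the forum from the stored hierarchy and reject
// a request whose 'forum' does not match the post's real forum.
function canReadPostFixed(array $req, int $uid): bool
{
    global $topics, $posts;
    $post  = $posts[(int)($req['post_id'] ?? 0)] ?? null;
    $topic = $post ? ($topics[$post['topic_id']] ?? null) : null;
    if ($topic === null) {
        return false;
    }
    if (isset($req['forum']) && (int)$req['forum'] !== $topic['forum_id']) {
        return false; // request is inconsistent with the stored hierarchy
    }
    return canReadForum($topic['forum_id'], $uid);
}

// Constructed request: public forum id combined with a private forum's post.
// User 99 is not a member of forum 2; user 7 is.
$req = ['forum' => 1, 'post_id' => 200];
var_dump(canReadPostWrong($req, 99));
var_dump(canReadPostFixed($req, 99));
var_dump(canReadPostFixed(['forum' => 2, 'post_id' => 200], 7));
```

The same derivation applies to the moderation and locked-topic checks: look up the topic's own forum and lock state from the database rather than from request parameters.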