singapore 0.9.11 - Cross-Site Scripting via Gallery Parameter
Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.11 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
php-fusion 4.x - Unauthenticated Protected Forum Access via thread_id Parameter
viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter.