Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors.
https://exchange.xforce.ibmcloud.com/vulnerabilities/53896
http://www.vupen.com/english/advisories/2009/2998
http://www.securityfocus.com/bid/36786