[SECURITY] Fedora 17 Update: OpenImageIO-1.0.11-2.fc17

OpenImageIO is a library for reading and writing images, and a bunch of rel ated classes, utilities, and applications. Main features include: - Extremely simple but powerful ImageInput and ImageOutput APIs for reading and writing 2D images that is format agnostic. - Format plugins for TIFF,...

[SECURITY] Fedora 18 Update: OpenImageIO-1.0.11-2.fc18

OpenImageIO is a library for reading and writing images, and a bunch of rel ated classes, utilities, and applications. Main features include: - Extremely simple but powerful ImageInput and ImageOutput APIs for reading and writing 2D images that is format agnostic. - Format plugins for TIFF,...

CVE-2009-3207

The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filenam...

Design/Logic Flaw

The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filenam...

CVE-2009-3206

Multiple cross-site scripting XSS vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-3206

CVE-2009-3206 describes multiple cross-site scripting (XSS) vulnerabilities in the Drupal ImageCache module, affecting 5.x versions prior to 5.x-2.5 and 6.x prior to 6.x-2.0-beta10. The flaws allow remote authenticated users with the "administer imagecache" permission to inject arbitrary web scri...

CVE-2009-3206

Multiple cross-site scripting XSS vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-3207

The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filenam...

CVE-2009-3207

CVE-2009-3207 affects Drupal’s ImageCache module (5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10). The root cause is improper access control for derivative images when the private file system is used, allowing remote attackers to view arbitrary images by crafting a request that specifies an ima...

SA-CONTRIB-2009-051 - ImageCache - Multiple vulnerabilities

ImageCache allows one to setup presets for image processing to create derivatives. ImageCache will dynamically generate a derivative on access if it doesn't exist. Cross site scripting Users with the "administer imagecache" permission are able to execute cross site scripting attacks because the...