208 matches found
Unrestricted file upload
Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue...
Improper access control
The projectissueaccess function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests...
CVE-2007-0506
The CVE-2007-0506 entry concerns Drupal’s Project issue tracking module (versions 4.7.0–5.x before 20070123). The vulnerability allows remote authenticated users to bypass other access control modules and access attached files by guessing filenames, and to retrieve issue information through direc...
CVE-2007-0505
Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue...
Project and Project issue tracking - Multiple vulnerabilities
Multiple vulnerabilities have been discovered and fixed in the Project and Project issue tracking modules: Access bypass in Project issue tracking Due to an error in the projectissueaccess function, users with the 'Access project issues' permission would have full access to all issues on a site,...
CVE-2006-6646
Multiple cross-site scripting XSS vulnerabilities in Drupal 1 Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and 2 Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the checkplain function...
MySQL Eventum Multiple flaws
The remote host seems to be running MySQL Eventum, a user-friendly and flexible issue tracking system written in PHP. The remote version of this software is vulnerable to cross-site scripting attacks, through multiple scripts. With a specially crafted URL, an attacker can use the remote server to...
CVE-2025-53162
...