Lucene search
+L

208 matches found

Prion
Prion
added 2007/01/26 12:28 a.m.18 views

Unrestricted file upload

Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue...

8.5CVSS7.9AI score0.02812EPSS
Exploits0References6Affected Software2
Prion
Prion
added 2007/01/26 12:28 a.m.14 views

Improper access control

The projectissueaccess function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests...

6CVSS6.6AI score0.01121EPSS
Exploits0References6Affected Software2
CVE
CVE
added 2007/01/26 12:0 a.m.58 views

CVE-2007-0506

The CVE-2007-0506 entry concerns Drupal’s Project issue tracking module (versions 4.7.0–5.x before 20070123). The vulnerability allows remote authenticated users to bypass other access control modules and access attached files by guessing filenames, and to retrieve issue information through direc...

6CVSS6.1AI score0.01121EPSS
Exploits0References6Affected Software2
Cvelist
Cvelist
added 2007/01/26 12:0 a.m.31 views

CVE-2007-0505

Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue...

7.3AI score0.02812EPSS
Exploits0References6
Drupal
Drupal
added 2007/01/23 12:0 a.m.12 views

Project and Project issue tracking - Multiple vulnerabilities

Multiple vulnerabilities have been discovered and fixed in the Project and Project issue tracking modules: Access bypass in Project issue tracking Due to an error in the projectissueaccess function, users with the 'Access project issues' permission would have full access to all issues on a site,...

6.1AI score
Exploits0References12
Cvelist
Cvelist
added 2006/12/20 2:0 a.m.22 views

CVE-2006-6646

Multiple cross-site scripting XSS vulnerabilities in Drupal 1 Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and 2 Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the checkplain function...

5.9AI score0.01204EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.9 views

MySQL Eventum Multiple flaws

The remote host seems to be running MySQL Eventum, a user-friendly and flexible issue tracking system written in PHP. The remote version of this software is vulnerable to cross-site scripting attacks, through multiple scripts. With a specially crafted URL, an attacker can use the remote server to...

7.1AI score
Exploits0References1
Cvelist
Cvelist
added 1976/01/01 12:0 a.m.8 views

CVE-2025-53162

...

Exploits0
Rows per page
Query Builder