36 matches found
EUVD-2007-4419
Malware in sbrugna...
EUVD-2008-0586
Malware in sbrugna...
EUVD-2007-0532
Malware in sbrugna...
EUVD-2007-1364
Malware in sbrugna...
EUVD-2014-8596
Malware in sbrugna...
CVE-2025-53073
In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions such as adding a comment without being a member of the project's team. A seven-digit issue ID must be known it is not treated as a secret and might be mentioned...
CVE-2025-53073
In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions such as adding a comment without being a member of the project's team. A seven-digit issue ID must be known it is not treated as a secret and might be mentioned...
CVE-2022-3066
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project...
Drupal Project Issue File Review模块HTML注入漏洞
Bugtraq ID:65830 Drupal是一套开放源码的内容管理平台。 Drupal Project Issue File Review存在跨站脚本漏洞,允许远程攻击者利用漏洞注入恶意脚本或HTML代码,当恶意数据被查看时,可获取敏感信息或劫持用户会话。 0 Drupal Project Issue File Review 6.x-2.0 厂商补丁: Drupal ----- Drupal Project Issue File Review 6.x-2.17已经修复该漏洞,建议用户下载更新: http://drupal.org/project/projectissuefilerev...
SA-CONTRIB-2009-002 - Project issue tracking - Multiple vulnerabilities
This announcement covers the following two issues for the Project issue tracking module. 1. Under certain conditions, users may receive email updates for issues which they do not have proper access rights to. This issue is mainly a problem for sites that use a contributed node access module,...
CVE-2008-1731
Technical details about CVE-2008-1731 are not publicly provided in the supplied documents. Monitor for updates from related advisories, vendors, or CVE records.
SA-2008-025 - Simple access - Access bypass
The Simple Access module is a node access module that allows administrators to make some nodes private and/or editable by certain user roles. The module contains a flaw that results in the privacy information for a node being lost under certain conditions. These conditions are usually triggered v...
CVE-2008-0576
Cross-site scripting XSS vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal allows remote...
Cross site scripting
Cross-site scripting XSS vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal allows remote...
CVE-2008-0577
The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal 1 does not restrict the extensions of attached files when the...
CVE-2008-0577
The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal 1 does not restrict the extensions of attached files when the...
CVE-2008-0576
Cross-site scripting XSS vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal allows remote...
CVE-2008-0577
The CVE-2008-0577 entry concerns Drupal’s Project Issue Tracking module (5.x-2.x-dev prior to 20080130; 5.x-1.x prior to 1.2; 4.7.x prior to 2.6/1.6). The description states two vulnerabilities when the Upload module is enabled for issue nodes: (1) it does not restrict extensions of attached file...
SA-2008-013 - Project issue tracking - Arbitrary file upload
The Project issue tracking module has a vulnerability where new issues are not properly validated. If the core Upload module is enabled on issue nodes the recommended configuration for the 5.x-2. series, this vulnerability can be used to attach malicious files to new issues, regardless of the...
SA-2008-012 - Project issue tracking - XSS vulnerability in comment summary tables
The Project issue tracking module provides a summary table to show changes in issue states between comments. Users who have certain editing rights may be able to inject arbitrary code on pages containing these tables. Wikipedia has more information about cross site scripting XSS. Versions affecte...