31 matches found
EUVD-2007-1364
Malware in sbrugna...
EUVD-2008-0586
Malware in sbrugna...
EUVD-2007-0532
Malware in sbrugna...
EUVD-2007-4419
Malware in sbrugna...
SA-CONTRIB-2009-002 - Project issue tracking - Multiple vulnerabilities
This announcement covers the following two issues for the Project issue tracking module. 1. Under certain conditions, users may receive email updates for issues which they do not have proper access rights to. This issue is mainly a problem for sites that use a contributed node access module,...
CVE-2008-1731
Technical details about CVE-2008-1731 are not publicly provided in the supplied documents. Monitor for updates from related advisories, vendors, or CVE records.
SA-2008-025 - Simple access - Access bypass
The Simple Access module is a node access module that allows administrators to make some nodes private and/or editable by certain user roles. The module contains a flaw that results in the privacy information for a node being lost under certain conditions. These conditions are usually triggered v...
CVE-2008-0576
Cross-site scripting XSS vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal allows remote...
Cross site scripting
Cross-site scripting XSS vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal allows remote...
CVE-2008-0577
The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal 1 does not restrict the extensions of attached files when the...
CVE-2008-0577
The CVE-2008-0577 entry concerns Drupal’s Project Issue Tracking module (5.x-2.x-dev prior to 20080130; 5.x-1.x prior to 1.2; 4.7.x prior to 2.6/1.6). The description states two vulnerabilities when the Upload module is enabled for issue nodes: (1) it does not restrict extensions of attached file...
CVE-2008-0576
Cross-site scripting XSS vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal allows remote...
CVE-2008-0577
The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal 1 does not restrict the extensions of attached files when the...
SA-2008-012 - Project issue tracking - XSS vulnerability in comment summary tables
The Project issue tracking module provides a summary table to show changes in issue states between comments. Users who have certain editing rights may be able to inject arbitrary code on pages containing these tables. Wikipedia has more information about cross site scripting XSS. Versions affecte...
SA-2008-013 - Project issue tracking - Arbitrary file upload
The Project issue tracking module has a vulnerability where new issues are not properly validated. If the core Upload module is enabled on issue nodes the recommended configuration for the 5.x-2. series, this vulnerability can be used to attach malicious files to new issues, regardless of the...
CVE-2007-5228
Cross-site scripting XSS vulnerability in the subscription functionality in the Project issue tracking module before 4.7.x-1.5, 4.7.x-2.x before 4.7.x-2.5, and 5.x-1.x before 5.x-1.1 for Drupal allows remote authenticated users with project create or edit permissions to inject arbitrary web scrip...
Cross site scripting
Cross-site scripting XSS vulnerability in the subscription functionality in the Project issue tracking module before 4.7.x-1.5, 4.7.x-2.x before 4.7.x-2.5, and 5.x-1.x before 5.x-1.1 for Drupal allows remote authenticated users with project create or edit permissions to inject arbitrary web scrip...
CVE-2007-5228
CVE-2007-5228 is a Drupal XSS vulnerability in the subscription functionality of the Project issue tracking module. The issue enables remote authenticated users with project create or edit permissions to inject arbitrary web script or HTML via unspecified vectors in the (1) individual and (2) ove...
CVE-2007-5228
Cross-site scripting XSS vulnerability in the subscription functionality in the Project issue tracking module before 4.7.x-1.5, 4.7.x-2.x before 4.7.x-2.5, and 5.x-1.x before 5.x-1.1 for Drupal allows remote authenticated users with project create or edit permissions to inject arbitrary web scrip...
SA-2007-021: Project issue tracking - XSS vulnerabilities in subscription forms.
The Project issue tracking module provides a subscription functionality enabling users to sign up for e-mail notification of issue updates. The subscriptions can be edited on both an individual or overview form. Users who have permissions to create or edit projects may be able to inject arbitrary...