6889 matches found

NVD
added 2007/03/09 10:19 p.m. | 29 views

CVE-2007-1368

The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modified node identifier...

CVSS 3.5 | AI score 6.2 | EPSS 0.01036
Exploits: 0 | References: 7

Prion
added 2007/03/09 10:19 p.m. | 19 views

Code injection

The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modified node identifier...

CVSS 3.5 | AI score 6.7 | EPSS 0.01036
Exploits: 0 | References: 7 | Affected Software: 1

CVE
added 2007/03/09 10:0 p.m. | 52 views

CVE-2007-1368

CVE-2007-1368 concerns Drupal’s Project issue tracking module. The advisory notes that versions before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta allow remote authenticated users (with the “access project issues” permission) to read the contents of a private node by requesti...

CVSS 3.5 | AI score 6.2 | EPSS 0.01036
Exploits: 0 | References: 7 | Affected Software: 1

Packet Storm
added 2007/03/08 12:0 a.m. | 24 views

tyger-sqlxss.txt

ADVISORY: Tyger Bug Tracking System; Author: CorryL [email protected]; Application: Tyger Bug Tracking System; Version: 1.1.3; Vendor's URL: http://uk.homeunix.org/tyger/cms/; Platform:...

AI score 7.4
Exploits: 0

CVE
added 2007/03/07 12:0 a.m. | 43 views

CVE-2007-1290

CVE-2007-1290 is a confirmed SQL injection in Tyger Bug Tracking System (TygerBT) 1.1.3. The vulnerability resides in ViewReport.php and allows remote attackers to modify or execute arbitrary SQL via the bug parameter. This is documented in the NVD entry and corroborated by multiple connected rec...

CVSS 7.5 | AI score 8.1 | EPSS 0.01001
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2007/03/07 12:0 a.m. | 46 views

CVE-2007-1289

CVE-2007-1289 affects Tyger Bug Tracking System (TygerBT) 1.1.3. The vulnerability is an SQL injection in ViewBugs.php exploitable via the s parameter, enabling remote attackers to execute arbitrary SQL commands. This relates to a flaw in input handling (unsanitized user input) in that component,...

CVSS 6.4 | AI score 8.3 | EPSS 0.01215
Exploits: 1 | References: 7 | Affected Software: 1

securityvulns
added 2007/03/03 12:0 a.m. | 58 views

Tyger Bug Tracking System Multiple Vulnerability

ADVISORY: Tyger Bug Tracking System; Author: CorryL [email protected]; Application: Tyger Bug Tracking System; Version: 1.1.3; Vendor's URL: http://uk.homeunix.org/tyger/cms/; Platform:...

AI score 0.2
Exploits: 0

exploitpack
added 2007/02/26 12:0 a.m. | 9 views

Tyger Bug Tracking System 1.1.3 - ViewBugs.php?s SQL Injection

source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails...

AI score 0.1
Exploits: 0

Exploit DB
added 2007/02/26 12:0 a.m. | 19 views

Tyger Bug Tracking System 1.1.3 - 'login.php?PATH_INFO' Cross-Site Scripting

source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. Exploiting these...

AI score 7
Exploits: 0

Exploit DB
added 2007/02/26 12:0 a.m. | 21 views

Tyger Bug Tracking System 1.1.3 - 'register.php?PATH_INFO' Cross-Site Scripting

source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. Exploiting these...

AI score 7
Exploits: 0

NVD
added 2007/01/26 1:28 a.m. | 20 views

CVE-2007-0534

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via a certain "fields on project nodes" or...

CVSS 4.3 | AI score 5.5 | EPSS 0.01223
Exploits: 0 | References: 6

Cvelist
added 2007/01/26 1:0 a.m. | 24 views

CVE-2007-0534

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via a certain "fields on project nodes" or...

AI score 5.5 | EPSS 0.01223
Exploits: 0 | References: 6

Prion
added 2007/01/26 12:28 a.m. | 13 views

Improper access control

The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests...

CVSS 6 | AI score 6.6 | EPSS 0.01121
Exploits: 0 | References: 6 | Affected Software: 2

Prion
added 2007/01/26 12:28 a.m. | 18 views

Unrestricted file upload

Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue...

CVSS 8.5 | AI score 7.9 | EPSS 0.02812
Exploits: 0 | References: 6 | Affected Software: 2

NVD
added 2007/01/26 12:28 a.m. | 21 views

CVE-2007-0505

Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue...

CVSS 8.5 | AI score 7.3 | EPSS 0.02812
Exploits: 0 | References: 6

CVE
added 2007/01/26 12:0 a.m. | 57 views

CVE-2007-0506

The CVE-2007-0506 entry concerns Drupal’s Project issue tracking module (versions 4.7.0–5.x before 20070123). The vulnerability allows remote authenticated users to bypass other access control modules and access attached files by guessing filenames, and to retrieve issue information through direc...

CVSS 6 | AI score 6.1 | EPSS 0.01121
Exploits: 0 | References: 6 | Affected Software: 2

Cvelist
added 2007/01/26 12:0 a.m. | 29 views

CVE-2007-0505

Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue...

AI score 7.3 | EPSS 0.02812
Exploits: 0 | References: 6

Drupal
added 2007/01/23 12:0 a.m. | 11 views

Project and Project issue tracking - Multiple vulnerabilities

Multiple vulnerabilities have been discovered and fixed in the Project and Project issue tracking modules: Access bypass in Project issue tracking. Due to an error in the project_issue_access function, users with the 'Access project issues' permission would have full access to all issues on a site,...

AI score 6.1
Exploits: 0 | References: 12

Cvelist
added 2006/12/20 2:0 a.m. | 20 views

CVE-2006-6646

Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the check_plain function...

AI score 5.9 | EPSS 0.01146
Exploits: 0 | References: 4

OSV
added 2006/11/11 12:0 a.m. | 22 views

DSA-1208-1 bugzilla

Bulletin has no description...

CVSS 7.5 | AI score 6.1 | EPSS 0.01868
Exploits: 0