CVE-2008-2999

The CVE-2008-2999 entry concerns a Drupal Aggregation module vulnerability in the 5.x line prior to 5.x-4.4. The issue is a SQL injection in the Aggregation module that allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Affected software is Drupal with the Aggregat...

CVE-2008-2998

CVE-2008-2998 affects the Drupal Aggregation module (5.x) vulnerable before version 5.x-4.4. The vulnerability enables remote XSS via unspecified vectors in this module, allowing injection of arbitrary script/HTML. Impact is remote user interaction is not required, with partial integrity impact a...

CVE-2008-3000

The vulnerability CVE-2008-3000 affects Drupal’s Aggregation module (5.x) prior to 5.x-4.4 when node access modules are enabled. The issue is a faulty access-control implementation that may allow remote attackers to bypass restrictions and access areas they should not reach. The description and m...

CVE-2008-3001

CVE-2008-3001 affects Drupal’s Aggregation module (5.x) prior to 5.x-4.4. A crafted feed enables uploading files with arbitrary extensions, which could lead to remote code execution. Impact is described as remote attacker access with potentially complete compromise. A patch is available in 5.x-4....