CVE-2007-0506

The CVE-2007-0506 entry concerns Drupal’s Project issue tracking module (versions 4.7.0–5.x before 20070123). The vulnerability allows remote authenticated users to bypass other access control modules and access attached files by guessing filenames, and to retrieve issue information through direc...

CVE-2007-0534

CVE-2007-0534 affects Drupal modules Project issue tracking (versions 4.7.0–5.x before 20070123) and Project (versions 4.6.0–5.x before 20070123). Vulnerability: cross-site scripting (XSS) via (a) certain fields on project nodes and (b) certain project-specific issue-tracking settings, enabling r...

CVE-2007-0505

CVE-2007-0505 describes an unrestricted file upload vulnerability in the Drupal module for Project issue tracking, affecting 4.7.0 through 5.x before 20070123. The issue allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a pro...

CVE-2007-4436

CVE-2007-4436 (Drupal Project/Project issue tracking modules) . The provided records confirm a permission- enforcement flaw in the Drupal Project module (versions before 5.x-1.0, 4.7.x-2.3/1.3) and the Project issue tracking module (before 5.x-1.0, 4.7.x-2.4/1.4). The root cause is improper permi...