CVE-2007-0506

The CVE-2007-0506 entry concerns Drupal’s Project issue tracking module (versions 4.7.0–5.x before 20070123). The vulnerability allows remote authenticated users to bypass other access control modules and access attached files by guessing filenames, and to retrieve issue information through direc...

CVE-2007-0534

CVE-2007-0534 affects Drupal modules Project issue tracking (versions 4.7.0–5.x before 20070123) and Project (versions 4.6.0–5.x before 20070123). Vulnerability: cross-site scripting (XSS) via (a) certain fields on project nodes and (b) certain project-specific issue-tracking settings, enabling r...

CVE-2008-0576

The CVE-2008-0576 entry describes a Cross-site scripting (XSS) vulnerability in Drupal’s Project Issue Tracking module (versions 5.x-2.x-dev before 20080130; 5.x-1.x series up to 1.2; 4.7.x up to 2.6/1.6) where remote authenticated users can inject arbitrary web script or HTML via unspecified vec...

CVE-2007-0505

CVE-2007-0505 describes an unrestricted file upload vulnerability in the Drupal module for Project issue tracking, affecting 4.7.0 through 5.x before 20070123. The issue allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a pro...

CVE-2007-4436

CVE-2007-4436 (Drupal Project/Project issue tracking modules) . The provided records confirm a permission- enforcement flaw in the Drupal Project module (versions before 5.x-1.0, 4.7.x-2.3/1.3) and the Project issue tracking module (before 5.x-1.0, 4.7.x-2.4/1.4). The root cause is improper permi...

CVE-2008-0577

The CVE-2008-0577 entry concerns Drupal’s Project Issue Tracking module (5.x-2.x-dev prior to 20080130; 5.x-1.x prior to 1.2; 4.7.x prior to 2.6/1.6). The description states two vulnerabilities when the Upload module is enabled for issue nodes: (1) it does not restrict extensions of attached file...