RSS   Vulnerabilities for 'Project'   RSS

2007-08-20
 
CVE-2007-4436

CWE-264
 

 
The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to (1) obtain sensitive via the Tracker Module and the Recent posts page; (2) obtain project names via unspecified vectors; (3) obtain sensitive information via the statistics pages; and (4) read CVS project activity.

 
2007-01-25
 
CVE-2007-0534

 

 
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking."

 
 
CVE-2007-0506

 

 
The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.

 
 
CVE-2007-0505

 

 
Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.

 

 >>> Vendor: Drupal 139 Products
Drupal
Form mail module
Job search
Bibliography module
Recipe module
Drupal easylinks module
Drupal e-commerce module
Drupal pathauto module
Drupal pubcookie module
Drupal userreview module
Search keyword module
Site profile directory module
Extended tracker
Cvs management and tracker
Chatroom module
Help tip module
Drupal project
Drupal project issue tracking
Drupal mysite
Imce module
Project
Project issue tracking module
Acidfree
Textimage
Secure site module
Audio module
Getid3
Mediafield module
Nodefamily
Database administration module
Print module
Forward module
Logintoboggan module
Content construction kit
Weblinks
Asin field module
E-commerce module
Fullname field for cck
Invite module
Node relativity module
Pathauto module
Paypal node module
Token module
Ubercart module
Shoutbox
Feature module
Meta tags module
Bueditor
Atom module
Fileshare module
Archive module
Workflow
Comment upload module
Openid
Userpoints module
Header image
Webform module
Internationalization
Localizer
E-publish
Site documentation module
Node hierarchy module
Magic tabs module
Taxonomy image module
Trailscout module
Aggregation module
Taxonomy autotagger module
Organic groups module
Outline designer module
Tinytax taxonomy block module
Suggested terms module
Upload module
Mailsave
Mailhandler
Link to us
TALK
Brilliant gallery
Shindig-integrator
Node clone
Stock module
Ajax checklist
Views
Everyblog
Semantically interconnected online communities
Localization client
Localization server
User karma module
Storm
Comment mail
Views bulk operations
Link module
Protected node module
Taxonomy theme module
Tasklist
Plus1
Print
Feedapi mapper
Cck comment reference
News page
Nodeaccess userreference
See all Products for Vendor Drupal


Copyright 2018, cxsecurity.com

 

Back to Top