Vulnerabilities for Project issue tracking module (...) - CXSECURITY.COM

Vulnerabilities for 'Project issue tracking module'

2008-02-04

CVE-2008-0577

CWE-264

The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal (1) does not restrict the extensions of attached files when the Upload module is enabled for issue nodes, which allows remote attackers to upload and possibly execute arbitrary files; and (2) accepts the .html extension within the bundled file-upload functionality, which allows remote attackers to upload files containing arbitrary web script or HTML.

CVE-2008-0576

CWE-79

Cross-site scripting (XSS) vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors that write to summary table pages.

2007-08-20

CVE-2007-4436

CWE-264

The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to (1) obtain sensitive via the Tracker Module and the Recent posts page; (2) obtain project names via unspecified vectors; (3) obtain sensitive information via the statistics pages; and (4) read CVS project activity.

2007-01-25

CVE-2007-0534

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking."

CVE-2007-0506

The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.

CVE-2007-0505

Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.

>>> Vendor: Drupal 148 Products

Form mail module

Bibliography module

Drupal easylinks module

Drupal e-commerce module

Drupal pathauto module

Drupal pubcookie module

Drupal userreview module

Search keyword module

Site profile directory module

Extended tracker

Cvs management and tracker

Chatroom module

Help tip module

Drupal project issue tracking

Project issue tracking module

Secure site module

Mediafield module

Database administration module

Logintoboggan module

Content construction kit

Asin field module

E-commerce module

Fullname field for cck

Node relativity module

Pathauto module

Paypal node module

Ubercart module

Meta tags module

Fileshare module

Comment upload module

Userpoints module

Internationalization

Site documentation module

Node hierarchy module

Magic tabs module

Taxonomy image module

Trailscout module

Aggregation module

Taxonomy autotagger module

Organic groups module

Outline designer module

Tinytax taxonomy block module

Suggested terms module

Brilliant gallery

Shindig-integrator

Semantically interconnected online communities

Localization client

Localization server

User karma module

Views bulk operations

Protected node module

Taxonomy theme module

Cck comment reference

Nodeaccess userreference

See all Products for Vendor Drupal

Copyright 2024, cxsecurity.com