RSS   Podatności dla 'Project issue tracking module'   RSS

2008-02-04
 
CVE-2008-0577

CWE-264
 

 
The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal (1) does not restrict the extensions of attached files when the Upload module is enabled for issue nodes, which allows remote attackers to upload and possibly execute arbitrary files; and (2) accepts the .html extension within the bundled file-upload functionality, which allows remote attackers to upload files containing arbitrary web script or HTML.

 
 
CVE-2008-0576

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors that write to summary table pages.

 
2007-08-20
 
CVE-2007-4436

CWE-264
 

 
The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to (1) obtain sensitive via the Tracker Module and the Recent posts page; (2) obtain project names via unspecified vectors; (3) obtain sensitive information via the statistics pages; and (4) read CVS project activity.

 
2007-01-25
 
CVE-2007-0534

 

 
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking."

 
 
CVE-2007-0506

 

 
The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.

 
 
CVE-2007-0505

 

 
Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.

 

 >>> Vendor: Drupal 148 Produkty
Project
Shoutbox
Drupal
TALK
FAQ
E-publish
Workflow
Form mail module
Job search
Bibliography module
Recipe module
Drupal easylinks module
Drupal e-commerce module
Drupal pathauto module
Drupal pubcookie module
Drupal userreview module
Search keyword module
Site profile directory module
Extended tracker
Cvs management and tracker
Chatroom module
Help tip module
Drupal project
Drupal project issue tracking
Drupal mysite
Imce module
Project issue tracking module
Acidfree
Textimage
Secure site module
Audio module
Getid3
Mediafield module
Nodefamily
Openid
Database administration module
Print module
Forward module
Logintoboggan module
Content construction kit
Commons
Storm
Weblinks
Asin field module
E-commerce module
Fullname field for cck
Invite module
Node relativity module
Pathauto module
Paypal node module
Token module
Ubercart module
Feature module
Meta tags module
Bueditor
Atom module
Fileshare module
Archive module
Comment upload module
Userpoints module
Header image
Webform module
Internationalization
Localizer
Site documentation module
Node hierarchy module
Magic tabs module
Taxonomy image module
Trailscout module
Aggregation module
Taxonomy autotagger module
Organic groups module
Outline designer module
Tinytax taxonomy block module
Suggested terms module
Upload module
Mailsave
Mailhandler
Link to us
Brilliant gallery
Shindig-integrator
Node clone
Stock module
Ajax checklist
Views
Everyblog
Semantically interconnected online communities
Localization client
Localization server
User karma module
Comment mail
QUIZ
Views bulk operations
Link module
Protected node module
Taxonomy theme module
Tasklist
Plus1
Print
Feedapi mapper
Zobacz wszystkie produkty dla producenta Drupal


Copyright 2024, cxsecurity.com

 

Back to Top