oss-sec mailing list archives
Re: CVE requests: drupal and phpbb
From: "Steven M. Christey" <coley () linus mitre org>
Date: Sat, 12 Apr 2008 15:44:31 -0400 (EDT)
====================================================== Name: CVE-2008-1729 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1729 Reference: CONFIRM:http://drupal.org/node/244637 Reference: BID:28714 Reference: URL:http://www.securityfocus.com/bid/28714 Reference: SECUNIA:29762 Reference: URL:http://secunia.com/advisories/29762 The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types. ====================================================== Name: CVE-2008-1766 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1766 Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."
Current thread:
- CVE requests: drupal and phpbb Hanno Böck (Apr 10)
- Re: CVE requests: drupal and phpbb Steven M. Christey (Apr 12)