oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: drupal 5.10/6.4

From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 20 Aug 2008 12:04:28 -0400 (EDT)

On Fri, 15 Aug 2008, Hanno [utf-8] B??ck wrote:


http://drupal.org/node/295053


Use the following, to be filled in later:

CVE-2008-3740 - first XSS

CVE-2008-3741 - second XSS.  This has a different root cause so is SPLIT.

CVE-2008-3742 - BlogAPI file uploads

CVE-2008-3743 - first CSRF, for 6.x only

CVE-2008-3744 - second CSRF, for 6.x/5.x (different affected versions so
                SPLIT)

CVE-2008-3745 - Upload module priv escalation


- Steve
Previous By Date Next
Previous By Thread Next

Current thread: