Date: Sat, 12 Apr 2008 15:44:31 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: Hanno Böck <hanno@...eck.de> cc: "Steven M. Christey" <coley@...us.mitre.org>, oss-security@...ts.openwall.com Subject: Re: CVE requests: drupal and phpbb ====================================================== Name: CVE-2008-1729 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1729 Reference: CONFIRM:http://drupal.org/node/244637 Reference: BID:28714 Reference: URL:http://www.securityfocus.com/bid/28714 Reference: SECUNIA:29762 Reference: URL:http://secunia.com/advisories/29762 The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types. ====================================================== Name: CVE-2008-1766 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1766 Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.