MidnightBSD

Advisories for nathan_haug

CVE-2013-2129 MEDIUM

Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
nathan_haug webform 6.x-3.14
nathan_haug webform 6.x-3.5
nathan_haug webform 6.x-3.3
nathan_haug webform 6.x-3.4
nathan_haug webform 6.x-3.15
nathan_haug webform *
nathan_haug webform 6.x-3.11
nathan_haug webform 6.x-3.7
nathan_haug webform 6.x-3.0
nathan_haug webform 6.x-3.17
nathan_haug webform 6.x-3.16
nathan_haug webform 6.x-3.9
nathan_haug webform 6.x-3.12
nathan_haug webform 6.x-3.x
nathan_haug webform 6.x-3.8
nathan_haug webform 6.x-3.13
nathan_haug webform 6.x-3.6
nathan_haug webform 6.x-3.2
nathan_haug webform 6.x-3.1
nathan_haug webform 6.x-3.10
CVE-2013-4502 MEDIUM

The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nathan_haug filefield_sources 7.x-1.8
nathan_haug filefield_sources 6.x-1.5
nathan_haug filefield_sources 6.x-1.6
nathan_haug filefield_sources 6.x-1.8
nathan_haug filefield_sources 7.x-1.5
nathan_haug filefield_sources 7.x-1.6
nathan_haug filefield_sources 6.x-1.3
nathan_haug filefield_sources 6.x-1.4
nathan_haug filefield_sources 7.x-1.x
nathan_haug filefield_sources 6.x-1.2
nathan_haug filefield_sources 7.x-1.4
nathan_haug filefield_sources 6.x-1.0
nathan_haug filefield_sources 6.x-1.1
nathan_haug filefield_sources 7.x-1.2
nathan_haug filefield_sources 7.x-1.7
nathan_haug filefield_sources 6.x-1.7
nathan_haug filefield_sources 7.x-1.3