MidnightBSD

Advisories for yves_chedemois

CVE-2010-2352 MEDIUM

The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
karen_stevenson cck 5.x-1.x
karen_stevenson cck 6.x-2.4
karen_stevenson cck 5.x-1.2
karen_stevenson cck 6.x-2.3
yves_chedemois cck 5.x-1.6
karen_stevenson cck 5.x-1.0
karen_stevenson cck 6.x-2.1
karen_stevenson cck 5.x-1.3
yves_chedemois cck 5.x-1.5
yves_chedemois cck 5.x-1.8
yves_chedemois cck 5.x-1.6-1
yves_chedemois cck 5.x-1.9
karen_stevenson cck 6.x-2.6
yves_chedemois cck 5.x-1.10
karen_stevenson cck 5.x-1.7
karen_stevenson cck 6.x-2.2
karen_stevenson cck 6.x-2.0
karen_stevenson cck 6.x-2.5
yves_chedemois cck 5.x-1.4
karen_stevenson cck 5.x-1.1
CVE-2010-2353 MEDIUM

The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
yves_chedemois cck 6.x-2.5
yves_chedemois cck 6.x-2.x-dev
yves_chedemois cck 6.x-2.2
yves_chedemois cck 6.x-2.4
yves_chedemois cck 6.x-1.x-dev
yves_chedemois cck 6.x-2.1
yves_chedemois cck 6.x-1.0-alpha
yves_chedemois cck 6.x-3.x-dev
yves_chedemois cck 6.x-2.0
yves_chedemois cck 6.x-2.3
yves_chedemois cck 6.x-2.6