CVE-2008-2771
https://notcve.org/view.php?id=CVE-2008-2771
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors. El módulo Node Hierarchy 5.x anterior a 5.x-1.1 y 6.x anteriores a 6.x-1.0 para Drupal no implementa adecuadamente los controles de acceso, lo que permite a atacantes remotos con permiso de "acceso al contenido", evitar las restricciones y modificar la jerarquía a través de vectores de ataque indeterminados. • http://drupal.org/node/269473 http://secunia.com/advisories/30622 http://www.securityfocus.com/bid/29675 https://exchange.xforce.ibmcloud.com/vulnerabilities/43006 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-1368
https://notcve.org/view.php?id=CVE-2007-1368
The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modified node identifier. El módulo Project anterior 4.7.x-1.3, 4.7.x-2.* anterior a 4.7.x-2.3, y 5 anterior 5.x-0.2-beta para Drupal permite a usuarios remotos validados, con permisos "asuntos de acceso a proyecto", leer el contenido de un nodo privado a través de una URL con un nodo identificador modificado. • http://drupal.org/node/125832 http://drupal.org/node/125833 http://osvdb.org/33913 http://secunia.com/advisories/24409 http://www.securityfocus.com/bid/22867 http://www.vupen.com/english/advisories/2007/0873 https://exchange.xforce.ibmcloud.com/vulnerabilities/32871 •