CVE

Id
60153  
CVE No.
CVE-2013-0206  
Status
Candidate  
Description
Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.  
Phase
Assigned (20121206)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
607152 60153 CVE-2013-0206 MLIST:[oss-security] 20130121 Re: CVE request for Drupal contributed modules  View
607153 60153 CVE-2013-0206 URL:http://www.openwall.com/lists/oss-security/2013/01/21/5  View
607154 60153 CVE-2013-0206 MISC:https://drupal.org/node/1890318  View
607155 60153 CVE-2013-0206 CONFIRM:http://drupal.org/node/1883976  View
607156 60153 CVE-2013-0206 CONFIRM:http://drupal.org/node/1883978  View
607157 60153 CVE-2013-0206 CONFIRM:http://drupalcode.org/project/live_css.git/commitdiff/cb7005f  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
22841 JVNDB-2013-004416 libarchive の archive_write_set_format_zip.c における整数符号エラーの脆弱性 libarchive の archive_write_set_format_zip.c 内の archive_write_zip_data 関数には、64-bit マシン上で稼働する場合、整数符号エラーの脆弱性が存在します。 CVE-2013-0211 60153 5 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-004416.html  View