Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1125
HistoryJul 27, 2006 - 12:00 a.m.

drupal - several

2006-07-2700:00:00
Google
osv.dev
7

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.175 Low

EPSS

Percentile

95.4%

JSON

The Drupal update in DSA 1125 contained a regression. This update corrects
this flaw. For completeness, the original advisory text below:

Several remote vulnerabilities have been discovered in the Drupal web site
platform, which may lead to the execution of arbitrary web script. The
Common Vulnerabilities and Exposures project identifies the following
problems:

  • CVE-2006-2742
    A SQL injection vulnerability has been discovered in the “count” and
    “from” variables of the database interface.
  • CVE-2006-2743
    Multiple file extensions were handled incorrectly if Drupal ran on
    Apache with mod_mime enabled.
  • CVE-2006-2831
    A variation of CVE-2006-2743 was addressed as well.
  • CVE-2006-2832
    A Cross-Site-Scripting vulnerability in the upload module has been
    discovered.
  • CVE-2006-2833
    A Cross-Site-Scripting vulnerability in the taxonomy module has been
    discovered.

For the stable distribution (sarge) these problems have been fixed in
version 4.5.3-6.1sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 4.5.8-1.1.

We recommend that you upgrade your drupal packages.

Related

openvas 10
nessus 3
debian 2
freebsd 2
ubuntucve 5
prion 5
cve 5
securityvulns 1
openvas
openvas
Debian Security Advisory DSA 1125-2 (drupal)
2008-01-17 00:00:00
Debian Security Advisory DSA 1125-1 (drupal)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1125-1)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-1125-2 : drupal - several vulnerabilities
2006-10-14 00:00:00
FreeBSD : drupal -- multiple vulnerabilities (40a0185f-ec32-11da-be02-000c6ec775d9)
2006-06-06 00:00:00
FreeBSD : drupal -- multiple vulnerabilities (6da7344b-128a-11db-b25f-00e00c69a70d)
2006-07-17 00:00:00
debian
debian
[SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code
2006-07-26 21:20:57
[SECURITY] [DSA 1125-2] New drupal packages fix execution of arbitrary web script code (revised packages)
2006-07-27 17:23:51
freebsd
freebsd
drupal -- multiple vulnerabilities
2006-05-18 00:00:00
drupal -- multiple vulnerabilities
2006-05-18 00:00:00
ubuntucve
ubuntucve
CVE-2006-2831
2006-06-06 00:00:00
CVE-2006-2832
2006-06-06 00:00:00
CVE-2006-2742
2006-06-01 00:00:00
prion
prion
Code injection
2006-06-06 00:02:00
Sql injection
2006-06-01 10:02:00
Cross site scripting
2006-06-06 00:02:00
cve
cve
CVE-2006-2831
2006-06-06 00:02:00
CVE-2006-2832
2006-06-06 00:02:00
CVE-2006-2833
2006-06-06 00:02:00
securityvulns
securityvulns
[ MDKSA-2007:132 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities
2007-06-22 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.175 Low

EPSS

Percentile

95.4%

JSON
Related for OSV:DSA-1125
openvas10nessus3debian2freebsd2ubuntucve5prion5cve5securityvulns1