Drupal Mime Mail Module文件附件安全绕过漏洞

Bugtraq ID:65996 Drupal是一套开放源码的内容管理平台。 Drupal Mime Mail Module不正确校验附件文件路径，允许远程攻击者利用漏洞添加任意文件并获取敏感信息。 0 Drupal Mime Mail Module 6.x 厂商补丁： Drupal ----- Drupal Mime Mail Module 6.x-1.4已经修复该漏洞，建议用户下载更新： https://drupal.org/node/2211419...

SA-CONTRIB-2012-065 - Sitedoc - Information disclosure

CVE: CVE-2012-2302 This module enables you to display a plethora of information about your site's structure. Optionally, the information may be saved into a file for later comparison. The module doesn't sufficiently verify that the saved file is protected by the Private File System. This...

SA-CONTRIB-2010-023 - Workflow - Cross Site Scripting

When used in combination with the Token module, the Workflow module does not escape the text entered into the Comment field of the workflow fieldset on the node form. This allows a user with the permission to change the workflow state of a node to perform a Cross Site Scripting XSS attack if a...