806 matches found
Mandriva Linux Security Advisory : php (MDVSA-2009:247)
Multiple vulnerabilities was discovered and corrected in php : The dbareplace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service file truncation via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the...
Fedora Core 11 FEDORA-2009-8184 (drupal-date)
The remote host is missing an update to drupal-date announced via advisory FEDORA-2009-8184. OpenVAS Vulnerability Test $Id: fcore20098184.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-8184 drupal-date Authors: Thomas Reinke Copyright: Copyright c...
SA-CONTRIB-2009-044 - Bubbletimer - Multiple vulnerabilities
Bubbletimer allows users to create timesheets based on nodes. It suffers from a cross-site scripting XSS vulnerability due to not properly sanitizing node titles before they are displayed. It is also vulnerable to cross-site request forgeries CSRF making it possible for users to unknowingly add...
SA-CONTRIB-2009-031 - Ajax Session - Multiple vulnerabilities
The Ajax session module allows users to set PHP session variables using AJAX. The module does not make proper use of the Drupal API, leaving it open to multiple vulnerabilities, including Cross Site Request Forgeries CSRF and Cross Site Scripting XSS. Versions affected Ajax Session 5.x-1.0 Drupal...
SA-CONTRIB-2009-023 - News Page - SQL injection
The News Page module provides a node content type which displays feed items from an aggregator category, filtered by keywords entered into the 'Include Words' field of the node. Unfortunately the News Page module uses keywords directly in SQL queries without being sanitized, allowing SQL injectio...
SA-CONTRIB-2009-020 - Print - Cross site scripting
The Printer, e-mail and PDF versions "Print" module provides printer-friendly versions of content. The module does not correctly escape content titles, enabling malicious users to insert arbitrary HTML and scripts into certain pages. Such a cross site scripting XSS attack against sufficiently...
SA-CONTRIB-2009-021 CCK comment reference - Cross site scripting
CCK comment reference project, lets administrators define node fields that are references to comments. When displaying a node edit form, the titles of candidate referenced comments are not properly filtered, allowing malicious users to inject arbitrary code on those pages. Such a cross site...
SA-CONTRIB-2009-013 CCK - Cross site scripting
The Node reference and User reference sub-modules, which are part of the Content Construction Kit CCK project, lets administrators define node fields that are references to other nodes or to users. When displaying a node edit form, the titles of candidate referenced nodes or names of candidate...
SA-CONTRIB-2009-009 Forward module can be used as a spam relay
This vulnerability allows spammers or spambots to use sites with the Forward module installed to send nearly unlimited e-mail. Due to improper use of Drupal's flood control API, it is possible for one user to send an unlimited numbers of mails using the forward module. Important note : the securi...
Fedora Update for quagga FEDORA-2007-2196
Check for the Version of quagga OpenVAS Vulnerability Test Fedora Update for quagga FEDORA-2007-2196 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
SA-CONTRIB-2009-007 - Advertisement Cross-site scripting
The Advertisement module displays and tracks advertisements on Drupal websites. Unsanitized text is displayed in several places, allowing users with "administer advertisements" permissions to execute arbitrary code. Users with "administer advertisements" permissions have the ability to configure...
SA-CONTRIB-2009-005 - Views bulk operations - Cross site scripting
Views bulk operations augments Views by enabling bulk operations to be executed on the content displayed by a view. Views bulk operations does not properly escape user-supplied data on some pages, allowing malicious users to insert arbitrary HTML and script code into these pages. Such a cross sit...
SA-CONTRIB-2009-004 - Notify - Privilege escalation
A user triggering the cron processing of the Notify module may end up getting logged in as another user when the Notify operations do not complete succesfully. Versions Affected Versions of Notify for Drupal 5.x prior to 5.x-1.2 Drupal core is not affected. If you do not use the Notify module,...
SA-CONTRIB-2009-001 - Project release - Multiple vulnerabilities
Exploitable from: Remote Vulnerabilities: Arbitrary file upload, Cross-site scripting XSS The Project release module is a component within the broader Project module. This announcement covers the following two issues: 1. Project release enables file attachments to create a specific version of cod...
FreeBSD Ports: postgresql-contrib
The remote host is missing an update to the system as announced in the referenced advisory. VID 6a164d84-2f7f-11d9-a9e7-0001020eed82 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
FreeBSD Ports: postgresql-contrib
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
SA-2008-023 - Ubercart - Cross site scripting
During checkout in Ubercart enabled stores, customers have text fields in which to enter their address and order information. Some stores will have modules enabled that restrict what sort of values are accepted in these fields, but this is not the case for everyone. This provides an opportunity f...
CentOS 3 : postgresql (CESA-2008:0039)
Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system DBMS. The...
Fedora Core 6 : quagga-0.99.7-1.fc6 (2007-525)
This update contains rebase to quagga-0.99.7 along with fix for CVE-2007-1995. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Ubuntu 4.10 : postgresql contributed script vulnerability (USN-6-1)
Recently, Trustix Secure Linux discovered a vulnerability in the postgresql-contrib package. The script 'makeoidjoinscheck' created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the script. Note...