Debian DSA-1930-1 : drupal6 - several vulnerabilities

Several vulnerabilities have been found in drupal6, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2372 Gerhard Killesreiter discovered a flaw in the way user signatures are handled. It is possible for...

CVE-2008-6836

Cross-site request forgery CSRF vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors...