7 matches found
EUVD-2007-0505
Malware in sbrugna...
SA-CONTRIB-2010-095 - Lightbox2 - Multiple Vulnerabilities
The Lightbox2 module enables images to be overlaid on the current page using JavaScript. The module displays images above the page instead of within it, freeing the page design from layout constraints and keeping users on the same page. The module does not sanitize some of the user supplied data...
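Drupal Acidfree Module Node Title SQL Injection Vulnerability
WebSpell is a PHP-based web application. WebSpell does not properly filter user-submitted input, so a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the script lacks filtering of the user-submitted node title parameter; submitting malicious SQL code as the parameter data can change the original SQL logic, leading to disclosure of sensitive information. Drupal Acidfree Module 4.7 Drupal Acidfree Module 4.6 Vendor solution Upgrade: Drupal Acidfree Module 4.6 Drupal acidfree-4.6.x-1.0.tar.gz...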
Sql injection
SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles...
CVE-2007-0507
SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles...
[SA23895] Drupal Acidfree Module "node titles" SQL Injection Vulnerability
TITLE: Drupal Acidfree Module "node titles" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA23895 VERIFY ADVISORY: http://secunia.com/advisories/23895/ CRITICAL: Less critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: Drupal Acidfree Module 4.x http://secunia.com/product/13326/...
Acidfree - SQL injection
Under certain circumstances, node titles are not escaped before being used in an SQL query, allowing a malicious user with the 'create acidfree albums' privilege and the ability to create acidfree content, to execute an SQL injection attack. These attacks may lead to administrator access. Version...