21 matches found
EUVD-2008-2989
Malware in sbrugna...
EUVD-2008-2991
Malware in sbrugna...
EUVD-2008-2988
Malware in sbrugna...
EUVD-2008-2990
Malware in sbrugna...
EUVD-2005-2417
Malware in sbrugna...
Code injection
The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Improper access control
The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions...
CVE-2008-3000
The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions...
CVE-2008-2999
Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2008-3001
The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions...
Sql injection
Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2008-3000
The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions...
CVE-2008-3001
CVE-2008-3001 affects Drupal’s Aggregation module (5.x) prior to 5.x-4.4. A crafted feed enables uploading files with arbitrary extensions, which could lead to remote code execution. Impact is described as remote attacker access with potentially complete compromise. A patch is available in 5.x-4....
CVE-2008-3001
The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions...
CVE-2008-2999
Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2008-2998
Multiple cross-site scripting XSS vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-3000
The vulnerability CVE-2008-3000 affects Drupal’s Aggregation module (5.x) prior to 5.x-4.4 when node access modules are enabled. The issue is a faulty access-control implementation that may allow remote attackers to bypass restrictions and access areas they should not reach. The description and m...
CVE-2008-2999
The CVE-2008-2999 entry concerns a Drupal Aggregation module vulnerability in the 5.x line prior to 5.x-4.4. The issue is a SQL injection in the Aggregation module that allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Affected software is Drupal with the Aggregat...
SA-2008-035 - Aggregation - Multiple vulnerabilities
The Aggregation module syndicates content from external feeds saving them as nodes. A significant amount of vulnerabilities were discovered in the module: Cross site scripting - Numerous values are displayed without being properly escaped or filtered, which enables users to inject arbitrary HTML...