21 matches found
EUVD-2008-2988
Malware in sbrugna...
EUVD-2005-2417
Malware in sbrugna...
EUVD-2008-2991
Malware in sbrugna...
EUVD-2008-2990
Malware in sbrugna...
EUVD-2008-2989
Malware in sbrugna...
CVE-2008-2999
Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2008-3001
The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Code injection
The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions...
CVE-2008-3000
The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions...
Improper access control
The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions...
CVE-2008-2998
Multiple cross-site scripting XSS vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-3001
CVE-2008-3001 affects Drupal’s Aggregation module (5.x) prior to 5.x-4.4. A crafted feed enables uploading files with arbitrary extensions, which could lead to remote code execution. Impact is described as remote attacker access with potentially complete compromise. A patch is available in 5.x-4....
CVE-2008-2999
The CVE-2008-2999 entry concerns a Drupal Aggregation module vulnerability in the 5.x line prior to 5.x-4.4. The issue is a SQL injection in the Aggregation module that allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Affected software is Drupal with the Aggregat...
CVE-2008-3001
The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions...
CVE-2008-3000
The vulnerability CVE-2008-3000 affects Drupal’s Aggregation module (5.x) prior to 5.x-4.4 when node access modules are enabled. The issue is a faulty access-control implementation that may allow remote attackers to bypass restrictions and access areas they should not reach. The description and m...
CVE-2008-3000
The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions...
CVE-2008-2999
Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
SA-2008-035 - Aggregation - Multiple vulnerabilities
The Aggregation module syndicates content from external feeds saving them as nodes. A significant amount of vulnerabilities were discovered in the module: Cross site scripting - Numerous values are displayed without being properly escaped or filtered, which enables users to inject arbitrary HTML...