EUVD-2008-5969

Malware in sbrugna...

Drupal Ajax Checklist 5.x-1.0 Module Multiple SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/31384/info The Ajax Checklist module for Drupal is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries. Exploiting these issues could...

Cross site scripting

Cross-site scripting XSS vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajaxchecklist filter...

Sql injection

Multiple SQL injection vulnerabilities in the ajaxchecklistsave function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the 1 nid, 2 qid, and...

CVE-2008-5999

Cross-site scripting XSS vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajaxchecklist filter...

CVE-2008-5998

Multiple SQL injection vulnerabilities in the ajaxchecklistsave function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the 1 nid, 2 qid, and...

CVE-2008-5998

CVE-2008-5998 describes multiple SQL injection vulnerabilities in the Ajax Checklist module for Drupal (5.x before 5.x-1.1). The flaws allow remote authenticated users, with the update ajax checklists permission, to execute arbitrary SQL commands via a save operation, with the vulnerability tied ...

CVE-2008-5998

Multiple SQL injection vulnerabilities in the ajaxchecklistsave function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the 1 nid, 2 qid, and...

CVE-2008-5999

CVE-2008-5999: In Drupal’s Ajax Checklist module (5.x) versions before 5.x-1.1, a cross-site scripting (XSS) vulnerability exists. Remote authenticated users with create/edit permissions for posts can inject arbitrary script/HTML via the ajax_checklist filter. Affected component is the Drupal Aja...

CVE-2008-5999

Cross-site scripting XSS vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajaxchecklist filter...

drupalajax-sql.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Drupal Ajax Checklist Module SQL Injection Vulnerability Discovery Date: Sept 15, 2008 Security risk: high Exploitable from: Remote Vulnerability: SQL Injection Discovered by: Justin C. Klein Keane Description Drupal http://drupal.org is a robust...

Drupal Module Ajax Checklist 5.x-1.0 - Multiple SQL Injections

Drupal Module Ajax Checklist 5.x-1.0 - Multiple SQL Injections source: https://www.securityfocus.com/bid/31384/info The Ajax Checklist module for Drupal is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries...

SA-2008-057 - Ajax Checklist - Multiple vulnerabilities

The Ajax Checklist module implements a filter that allows a user to include checkboxes into content. The module does not properly use Drupal's database API and inserts values supplied by users directly into queries. This can be exploited by malicious users with the "update ajax checklists"...