EUVD-2008-4772

Malware in sbrugna...

EUVD-2008-3728

Malware in sbrugna...

CVE-2008-4792

The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values...

CVE-2008-4792

The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values...

Design/Logic Flaw

The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values...

CVE-2008-4792

The CVE-2008-4792 issue affects Drupal 5.x before 5.11 and 6.x before 6.5, where the core BlogAPI module fails to validate unspecified content fields in an internal form. This allows remote authenticated users to bypass access restrictions by altering field values. The vulnerability is described ...

CVE-2008-4792

The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values...

Fedora 9 : drupal-6.5-1.fc9 (2008-8852)

Update to 6.5, security fixes: SA-2008-047 http://drupal.org/node/318706 - File upload access bypass unprivileged file attach - Access rules bypass - BlogAPI access bypass Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to...

Fedora 8 : drupal-5.11-1.fc8 (2008-8905)

Update to 5.11, security fixes: SA-2008-047 http://drupal.org/node/318706 - File upload access bypass file disclosure - Access rules bypass - BlogAPI access bypass - Node validation bypass Remember to log in to your site as the admin user before upgrading this package. After upgrading the package...

FreeBSD : drupal -- multiple vulnerabilities (12efc567-9879-11dd-a5e7-0030843d3802)

The Drupal Project reports : A logic error in the core upload module validation allowed unprivileged users to attach files to content. Users can view files attached to content which they do not otherwise have access to. If the core upload module is not enabled, your site will not be affected. A...

SA-2008-060 - Drupal core - Multiple vulnerabilities

Multiple vulnerabilities and weaknesses were discovered in Drupal. File upload access bypass A logic error in the core upload module validation allowed unprivileged users to attach files to content. This bug affects Drupal 6.x only. Users can view files attached to content which they do not...

drupal -- multiple vulnerabilities

The Drupal Project reports: A logic error in the core upload module validation allowed unprivileged users to attach files to content. Users can view files attached to content which they do not otherwise have access to. If the core upload module is not enabled, your site will not be affected. A...

Unrestricted file upload

Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated...

CVE-2008-3742

CVE-2008-3742 affects Drupal’s BlogAPI module in Drupal 5.x (before 5.10) and 6.x (before 6.4). The vulnerability is an unrestricted file upload where an authenticated user can upload a file with an executable extension that is not validated, enabling arbitrary code execution. OpenVAS/Fedora advi...

CVE-2008-3742

Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated...

FreeBSD : drupal -- multiple vulnerabilities (070b5b22-6d74-11dd-aa18-0030843d3802)

The Drupal Project reports : A bug in the output filter employed by Drupal makes it possible for malicious users to insert script code into pages cross site scripting or XSS. A bug in the private filesystem trusts the MIME type sent by the browser, enabling malicious users with the ability to...

SA-2008-047 - Drupal core - Multiple vulnerabilities

Multiple vulnerabilities and weaknesses were discovered in Drupal. Cross site scripting A bug in the output filter employed by Drupal makes it possible for malicious users to insert script code into pages cross site scripting or XSS. A bug in the private filesystem trusts the MIME type sent by th...