6 matches found
Debian Security Advisory DSA 1125-2 (drupal)
The remote host is missing an update to drupal announced via advisory DSA 1125-2. The Drupal update in DSA 1125 contained a regression. This update corrects this flaw. For completeness, the original advisory text below: Several remote vulnerabilities have been discovered in the Drupal web site...
DSA-1125 drupal - several
Bulletin has no description...
Code injection
Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743...
CVE-2006-2743
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with modmime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory...
CVE-2006-2743
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with modmime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory...
CVE-2006-2743
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with modmime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory...