5 matches found
EUVD-2007-0838
Malware in sbrugna...
Design/Logic Flaw
Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers...
CVE-2007-0841
Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers...
Drupal Comment Function Arbitrary Code Execution
The version of Drupal running on the remote host fails to properly validate previews on comments, and allows access to more than one input filter, which is not enabled by default. An attacker can exploit this issue by previewing a comment to have it interpreted as PHP code, resulting in arbitrary...
CVE-2007-0626
This CVE affects Drupal’s comment_form_add_preview() in the comment.module, vulnerable in Drupal versions before 4.7.6 and 5.x before 5.1, and vbDrupal. The root cause is that previewed comments bypass normal form validation, and attackers with the right privileges ("post comments") and access to...