26 matches found
EUVD-2006-4808
Malware in sbrugna...
EUVD-2008-0285
Malware in sbrugna...
EUVD-2007-5573
Malware in sbrugna...
SA-CONTRIB-2009-084 - LDAP Integration - Multiple Vulnerabilities
The LDAP Integration module enables users to authenticate against LDAP servers. The module does not properly implement confirmation pages for the LDAP server activation/deactivation which could lead to a Cross Site Request Forgery (CSRF) attack. The user defined server name is not properly escaped ...
SA-2008-011 - Securesite - Access bypass
The Secure Site module provides functions for placing your site behind HTTP based authentication. The module contains a flaw that allows an attacker who is behind the same proxy as a logged in user, to access the site as if the attacker is the user. Versions affected Secure Site for Drupal 5.x an...
CVE-2008-0274
Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files...
CVE-2008-0272
Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users...
SA-2008-002 - Atom - Access bypass
The Atom module provides a list of node titles, and teasers or bodies as part of a syndication feed. In certain conditions, the titles, teasers, and body were not respecting access permissions, potentially exposing content to syndication not available otherwise. Versions affected Atom for Drupal...
SA-2008-006 - Drupal core - Cross site scripting (UTF8)
When outputting plaintext Drupal strips potentially dangerous HTML tags and attributes from HTML, and escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte sequences that are invalid in the...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
SA-2007-026 - Drupal Core - Cross site scripting via uploads
The allowed extension list of the core Upload module contains the extension HTML by default. Such files can be used to execute arbitrary script code in the context of the affected site when a user views the file. Revoking upload permissions or removing the .html extension from the allowed extensi...
Print - Access bypass
Print is a module that allows site administrators to produce a "print friendly" version of a posting. By manipulating URL arguments, authenticated and anonymous users are able to access posts that should have been restricted by a node access module such as Organic Groups, Taxonomy Access Control,...
[DRUPAL-SA-2007-005] Drupal 4.7.6 / 5.1 fixes arbitrary code execution issue
Drupal security advisory DRUPAL-SA-2007-005 - Project: Drupal core; Version: 4.7.x, 5.x; Date: 2007-Jan-29; Security risk: Highly critical; Exploitabl...
CVE-2006-5475
Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed...
CVE-2006-4947
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 (2006/09/15) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output."...
CVE-2006-4949
Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory profilepages.module before 1.1.2.1 and the Drupal 4.7 Site Profile Directory profilepages.module before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack o...
CVE-2006-4821
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 (2006/09/12) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2006-4821
CVE-2006-4821 is a cross-site scripting (XSS) flaw in the Drupal 4.7 Userreview module prior to version 1.19 (2006-09-12). The vulnerability allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The NVD metrics assign a CVSS v2 base score of 4.3 (Medium); attack ...
Userreview cross site scripting vulnerability
It is possible for a malicious user to insert and execute XSS (Cross Site Scripting), due to lack of validation on output. This may lead to administrator access if certain conditions are met. Learn more about XSS on Wikipedia. Versions affected Drupal core is not affected. If you do not use the...