116 matches found
EUVD-2010-3669
Malware in sbrugna...
EUVD-2010-3670
Malware in sbrugna...
EUVD-2007-6265
Malware in sbrugna...
EUVD-2007-5573
Malware in sbrugna...
EUVD-2008-4578
Malware in sbrugna...
EUVD-2008-4319
Malware in sbrugna...
EUVD-2008-2765
Malware in sbrugna...
EUVD-2008-0285
Malware in sbrugna...
EUVD-2009-1839
Malware in sbrugna...
CVE-2010-2472
CVE-2010-2472 affects Drupal 6.x < 6.16 and 5.x
[SECURITY] Fedora 21 Update: drupal6-cck-2.10-1.fc21
The Content Construction Kit allows you to add custom fields to custom content types using a web interface. In Drupal 5.x, custom content types can be created in Drupal core, and the Content Construction Kit allows you to add custom fields to any content type. In Drupal 7 and later, most of the...
SA-CONTRIB-2011-026 - Secure Password Hashes (phpass) - Multiple Vulnerabilities
This module uses the PHPass hashing library to try to store users' hashed passwords securely. The module sets a fixed string for the 'pass' column in the users database column but does not replace the pass attribute of the account object used for password reset links. This leads to a vulnerability...
SA-CONTRIB-2010-113 - Image - Cross Site Scripting
The Image module project contains supplemental modules, one of which, Image gallery, allows users to create and maintain galleries of image nodes using taxonomy terms. The Image gallery module does not sanitize some user-supplied data before displaying it, leading to a Cross Site Scripting (XSS)...
SA-CONTRIB-2010-100 - Ubuntu Drupal Theme - Directory traversal and information disclosure
This Ubuntu Drupal Theme - Brown is designed to mimic the old ubuntu.com. The theme used a PHP file to generate a gradient image on the fly. User input from the URL is not properly validated in this PHP code, leading to a directory traversal vulnerability where the contents of any file readable b...
SA-CONTRIB-2010-095 - Lightbox2 - Multiple Vulnerabilities
The Lightbox2 module enables images to be overlaid on the current page using JavaScript. The module displays images above the page instead of within it, freeing the page design from layout constraints and keeping users on the same page. The module does not sanitize some of the user-supplied data...
SA-CONTRIB-2010-094 - Embedded Media Field - Access bypass
The Embedded Media Field project is a set of modules that enable editors to post URLs and embed codes for third-party media providers such as YouTube, Vimeo, or Flickr, which will be automatically parsed and displayed using preset formatters. The Embedded Video Field module packaged with the...
SA-CONTRIB-2010-084 - OpenID - Authentication bypass
The OpenID module provides users the ability to log in to sites using an OpenID account. The OpenID module doesn't implement all the required verifications from the OpenID 2.0 protocol and is vulnerable to a number of attacks. Specifically: - OpenID should verify that an "openid.response_nonce" has...
SA-CONTRIB-2010-085 - Pathauto - Cross Site Scripting
The Pathauto module automatically generates path aliases for various kinds of content (nodes, categories, users) without requiring the user to manually specify the path alias. It also provides additional tokens that can be used in URL alias patterns and anywhere else that the Token API is used. The...
SA-CONTRIB-2010-082 - Print - Local file read access
The Printer, e-mail and PDF versions ("print") module provides printer-friendly versions of content, including a PDF version that is generated by one of three supported generation tools (dompdf, TCPDF and wkhtmltopdf). When using the wkhtmltopdf PDF generation tool, that tool is able to access local...
Fedora 11 : drupal-views-6.x.2.11-1.fc11 (2010-10197)
Advisory ID: DRUPAL-SA-CONTRIB-2010-067 http://drupal.org/node/829840 Project: Views third-party module Version: 5.x, 6.x Date: 2010-June-16 Security risk: Less critical Exploitable from: Remote - Vulnerability: Multiple vulnerabilities -------- DESCRIPTION...