466 matches found
Fedora 15 : drupal7-7.4-1.fc15 (2011-8878)
Remember to log in as user 1 prior to the RPM update, to perform the DB upgrade via http://yoursite/update.php. - Advisory ID: DRUPAL-SA-CORE-2011-002 - Project: Drupal core 1 - Version: 7.x - Date: 2011-JUNE-29 - Security risk: Highly critical 2 - Exploitable from: Remote - Vulnerability: Access...
[SECURITY] Fedora 14 Update: drupal7-7.2-1.fc14
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...
SA-CORE-2011-001 - Drupal core - Multiple vulnerabilities
CVE: CVE-2011-2687 Multiple vulnerabilities and weaknesses were discovered in Drupal. Reflected cross site scripting vulnerability in error handler A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a...
SA-CONTRIB-2011-021 - Webform - Multiple Vulnerabilities
Webform module enables you to create custom webform or survey nodes. These nodes typically may be created either by editorial teams or administrators. Webform does not sufficiently check directory access when a user configures an upload field. This may allow a user to upload malicious files to th...
SA-CONTRIB-2011-017 - Save Draft - Validation Bypass
The Save Draft module adds a "Save as draft" button to the node form, letting content creators easily save a post in unpublished draft form. The module adds validation to individual form actions, thereby bypassing any form-wide validation that is normally performed before saving content. This is ...
SA-CONTRIB-2011-005 - AES encryption - Information disclosure
Due to a piece of code used for debugging mistakenly left in the release, the plain text password of the user who last logged in is written to a text file in the Drupal root directory. This file is remotely accessible, thus an attacker with the knowledge of which user last logged in may access th...