SA-2008-064 - Node Vote - SQL injection vulnerability

The Node Vote module allows authorized users to vote on certain types of nodes. If the administrator has enabled the "Allow user to vote again" setting for the Node Vote module, malicious user can inject SQL when changing a previously cast vote. This is because Node Vote does not properly use the...

Multiple vulnerabilities in Database Administration (dba) module

The Database Administration dba module allows site administrators with sufficient privileges to view and directly modify the Drupal database tables for a site. Numerous cross-site scripting XSS vulnerabilities were discovered when the administrator runs queries to display data from the database,...

Secure site - Access bypass

Secure site allows one to protect a website with a browser-based password. These usernames and passwords are tied directly to the Drupal user database. The site will be invisible to search engines and other crawlers, but still allows access to certain users. A serious design flaw allows the acces...