EUVD-2006-6513

Malware in sbrugna...

EUVD-2006-6514

Malware in sbrugna...

CVE-2006-6530

SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2006-6531

Cross-site scripting XSS vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles...

CVE-2006-6531

CVE-2006-6531 affects the Drupal Help Tip module prior to 4.7.x-1.0, where an XSS vulnerability exists that allows remote attackers to inject arbitrary script/HTML via node titles. Root cause is an input/output handling flaw in the module that fails to sanitize title content. Impact is partial co...

CVE-2006-6530

The CVE-2006-6530 entry describes an SQL injection vulnerability in the Drupal Help Tip module older than 4.7.x-1.0. The affected component is the Help Tip module for Drupal; root cause involves SQL command injection via unspecified vectors, allowing remote attackers to potentially execute arbitr...

Help Tip - Multiple vulnerabilities

The contributed module Help Tip bypasses Drupal's database API and uses user-supplied data unescaped in queries, allowing malicious users to execute SQL injection attacks. These attacks may lead to administrator access. Node titles are not properly sanitised before being used in block titles. Thi...