10 matches found
EUVD-2008-4131
Malware in sbrugna...
Improper Authorization
Overview: nilsteampassnet/teampass is a password manager. Affected versions of this package are vulnerable to Improper Authorization due to improper authorization checks in the mailme operation of the mailHandler function. An attacker can escalate privileges and perform actions reserved for...
Mailhandler - Critical - Remote Code Execution - SA-CONTRIB-2017-089
The Mailhandler module enables you to create nodes by email. The Mailhandler module does not validate file attachments. By sending a correctly crafted e-mail to a mailhandler mailbox an attacker can execute arbitrary code. The vulnerability applies to any active mailhandler mailbox, whether or no...
Open Atrium Notifications - Less Critical - Information Disclosure - SA-CONTRIB-2016-026
Open Atrium is a distribution of Drupal that allows you to build collaborative web sites. The Open Atrium Notification module adds the ability to send email notifications to users subscribed to certain content. When combined with the Open Atrium Mailhandler app, incoming email replies to...
SA-CONTRIB-2012-152 - Feeds - Access bypass
The feeds module enables you to import or aggregate data as nodes, users, taxonomy terms or simple database records. The module doesn't sufficiently check permissions when creating nodes on behalf of a user. This vulnerability is mitigated by the fact that an attacker must have control over the...
CVE-2008-4148
SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API...
SQL injection
SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API...
CVE-2008-4148
SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API...
CVE-2008-4148
The CVE-2008-4148 vulnerability affects the Drupal Mailhandler module (5.x up to 5.x-1.4; 6.x up to 6.x-1.4). Root cause: SQL queries are constructed without using the Drupal database API, enabling remote attackers to execute arbitrary SQL commands via unspecified vectors. Impact and exploit deta...
SA-2008-050 - Mailhandler - SQL injection
The Mailhandler module allows users to create or edit nodes and comments via email. One vulnerability was found in the module. SQL Injection: Mailhandler does not properly use the Drupal database API and inserts values from mails directly into queries. This can be exploited to perform SQL Injectio...