3 matches found
Debian DSA-1007-1 : drupal - several vulnerabilities
The Drupal Security Team discovered several vulnerabilities in Drupal, a fully-featured content management and discussion engine. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-1225 Due to missing input sanitising a remote attacker could inject...
[DRUPAL-SA-2006-003] Drupal 4.6.6 / 4.5.8 fixes session fixation issue
---------------------------------------------------------------------------- Drupal security advisory DRUPAL-SA-2006-003 ---------------------------------------------------------------------------- Advisory ID: DRUPAL-SA-2006-003 Project: Drupal core Date: 2006-03-13 Security risk: less critical...
DRUPAL-SA-2006-003 Session fixation vulnerability
If someone creates a clever enough URL and convinces you to click on it, and you later log in but you do not log off then the attacker may be able to impersonate you. Versions affected All Drupal versions before 4.6.6. Solution The fix to this issue requires PHP 4.3.2 or higher, which is higher...