6 matches found
SA-2008-006 - Drupal core - Cross site scripting (UTF8)
When outputting plaintext Drupal strips potentially dangerous HTML tags and attributes from HTML, and escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte sequences that are invalid in the...
SA-2007-029 - Drupal core - User deletion cross site request forgery
The Drupal Forms API protects against cross site request forgeries CSRF, where a malicous site can cause a user to unintentionally submit a form to a site where he is authenticated. The user deletion form does not follow the standard Forms API submission model and is therefore not protected again...
n.runs-SA-2007.006 - PHProjekt 5.2.0 - Privilege escalation
n.runs AG http://www.nruns.com/ security at nruns.com n.runs-SA-2007.006 14-Mar-2007 Vendor: Mayflower GmbH, http://www.mayflower.de Affected Products: PHProjekt 5.2.0 Vulnerability: Privilege escalation Risk: HIGH Vendor communication: 2006/12/31 initial notification of Mayflower 2007/01/02...
n.runs-SA-2007.005 - PHProjekt 5.2.0 - Cross Site Request Forgery
n.runs AG http://www.nruns.com/ security at nruns.com n.runs-SA-2007.005 14-Mar-2007 Vendor: Mayflower GmbH, http://www.mayflower.de Affected Products: PHProjekt 5.2.0 Vulnerability: Cross Site Request Forgery Risk: HIGH Vendor communication: 2006/12/31 initial notification of Mayflower 2007/01/0...
n.runs-SA-2007.004 - PHProjekt 5.2.0 - Cross Site Scripting and Filter Evasion
n.runs AG http://www.nruns.com/ security at nruns.com n.runs-SA-2007.004 14-Mar-2007 Vendor: Mayflower GmbH, http://www.mayflower.de Affected Products: PHProjekt 5.2.0 Vulnerability: Cross Site Scripting and Filter Evasion Risk: HIGH Vendor communication: 2006/12/31 initial notification of...
n.runs-SA-2007.003 - PHProjekt 5.2.0 - SQL Injection
n.runs AG http://www.nruns.com/ security at nruns.com n.runs-SA-2007.003 14-Mar-2007 Vendor: Mayflower GmbH, http://www.mayflower.de Affected Products: PHProjekt 5.2.0 Vulnerability: SQL Injection Risk: HIGH Vendor communication: 2006/12/31 initial notification of Mayflower 2007/01/02 Mayflower...