107 matches found
[Full-disclosure] Drupal Embedded Media Field Module Multiple XSS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Details of this disclosure are posted at http://lampsecurity.org/drupal-6-embed-media-xss-vulnerability Vendor notified: 5/27/09 Vendor response: see below Description of Vulnerability: - ----------------------------- Drupal http://drupal.org is a...
[Full-disclosure] Drupal 6 CCK Module XSS Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vendor Notified: 05/18/09 Vendor Response: Karoly Negyesi of Drupal security denies issue exists. Drupal security has responded to reports of CCK based XSS vulnerabilities in past with http://drupal.org/node/372836, which basically shirks the issue...
CVE-2009-1603
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted...
DEBIAN-CVE-2009-1603
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted...
Drupal Imagefield Upload / Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Drupal Imagefield Module Multiple Vulnerabilities Security Risk: High Exploitable: Remotely Vulnerabilities: Arbitrary File Upload, Cross Site Scripting Discovered by: Justin C. Klein Keane, Andrew Rosborough Tested: Imagefield 5.x-2.2 on Drupal 5.15...
drupal-xss.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Date: Sept 12, 2008 Security risk: medium Exploitable from: Remote Vulnerability: Cross site scripting Description Drupal is a robust content management system CMS that provides extensibility through hundreds of third party modules. While the security...
Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-38-1)
CAN-2004-0814 : Vitaly V. Bursov discovered a Denial of Service vulnerability in the 'serio' code; opening the same tty device twice and doing some particular operations on it caused a kernel panic and/or a system lockup. Fixing this vulnerability required a change in the Application Binary...