1940 matches found
SA-CONTRIB-2011-005 - AES encryption - Information disclosure
Due to a piece of code used for debugging mistakenly left in the release, the plain text password of the user who last logged in is written to a text file in the Drupal root directory. This file is remotely accessible, thus an attacker with the knowledge of which user last logged in may access th...
SA-CONTRIB-2011-007 - Userpoints Cross Site Scripting
The Userpoints module allows users to gain points through specific actions like contributing content. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability that may lead to a malicious user gaining full administrative...
SA-CONTRIB-2011-008 - Chatroom - Cross Site Scripting (XSS) and Cross Site Request Forgery
The Chatroom module provides real-time chat capabilities to Drupal. Vulnerability: Cross Site Scripting The module does not properly escape the contents of chat messages in pages listing the chats contained in a chatroom, leading to a Cross Site Scripting XSS vulnerability. Any user with permissi...
SA-CONTRIB-2011-009 - Droptor - SQL Injection
The Droptor module connects a Drupal site to Droptor.com, a Drupal monitoring and management solution. When capturing memory logging information the module does not filter the value input from the current page request variable. This vulnerability can be exploited to perform an SQL Injection attac...
SA-CONTRIB-2011-006 - Flag Page - Cross Site Scripting (XSS)
The contributed flag page module provides an additional flag type to allow you to flag pages so you can bookmark any URL on your site including views, panels, administration pages or site contact page. The module does not sanitize the flag titles when displayed in blocks, leading to a Cross-Site...
SA-CONTRIB-2011-003 - Janrain Engage (RPX) - Multiple Vulnerabilities
RPX recently renamed Janrain Engage is a service that acts as a middleman between a site and external login providers like Facebook, Yahoo, WindowsLive, etc. As part of this functionality it offers the ability to take a user's avatar on these services and download it for use as the user's profile...
SA-CONTRIB-2011-002 - Panels - Cross Site Scripting (XSS)
The Panels module allows a site administrator to create customized layouts for multiple uses. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability that may lead to a malicious user gaining full administrative access...
SA-CONTRIB-2011-001 - Webform - SQL Injection
The contributed webform module provides a webform nodetype. Typical uses for webform are to create questionnaires, contact or request/register forms, surveys, polls or a front end to issues tracking systems. The module does not properly use the database API, leading to an SQL Injection...
SA-CONTRIB-2010-112 - oEmbed - Access Bypass
The oEmbed module allows a Drupal site to embed content from oEmbed-providers as well as for a site to become an oEmbed-provider itself so that other oEmbed-enabled websites can embed its content. If an external site requested to embed a node, the oEmbed provider did not check node access,...
SA-CONTRIB-2010-113 - Image - Cross Site Scripting
The Image module project contains supplemental modules, one of which, Image gallery, allows users to create and maintain galleries of image nodes using taxonomy terms. The Image gallery module does not sanitize some user-supplied data before displaying it, leading to a Cross Site Scripting XSS...
SA-CONTRIB-2010-111 - Views - Cross Site Scripting
The Views module provides a flexible method for Drupal site designers to control how lists and tables of content are presented. Under certain circumstances, Views could display parts of the page path without escaping, resulting in a relected Cross Site Scripting XSS vulnerability. An attacker cou...
SA-CONTRIB-2010-110 - Drupal For Firebug - Cross-site Request Forgery
The Drupal For Firebug module allows developers to use Firebug to get debugging information about their Drupal installation. The module does not properly protect the form used to submit PHP code against Cross-site Request Forgeries CSRF, allowing a malicious user to trick an authorized user into...
SA-CONTRIB-2010-108 - Who Bought What|Ubercart - Multiple Vulnerabilities
The Who Bought What-module collects and displays relevant information about purchases, including purchaser name, quantity, payment status, and all attributes. The module does not properly sanitize arguments passed via the URL when used in SQL queries, leading to a SQL Injection vulnerability...
SA-CONTRIB-2010-109 - Embedded Media Field, Media: Video Flotsam, Media: Audio Flotsam - Multiple Vulnerabilities
1 - Arbitrary File Upload/Code Execution Vulnerability The Embedded Thumbnail module packaged with the project allows users who upload videos to upload their own thumbnails to replace The Drupal Embedded Media Field module. Unfortunately, the Embedded Thumbnail Module contains a vulnerability tha...
SA-CONTRIB-2010-105 - Outline Designer - Cross Site Request Forgery
Outline Designer allows for easier creation and management of items in a Book. The Outline Designer modules does not properly protect some of its paths against Cross Site Request Forgeries CSRF, allowing an attacker to get a user with the permission to administer site configuration to change any...
SA-CONTRIB-2010-106 - Comment Edited - Cross Site Scripting
The Comment Edited module displays a customizable message at the bottom of a comment when it has been edited. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability that may lead to a malicious user gaining full...
SA-CONTRIB-2010-107 - Services - Access bypass
The Services module allows users to expose Drupal functionality to remote users. Services provides the ability for users to update nodes contained in a drupal install via the services api. When using using the node.save service it is possible for a user to supply a specifically crafted node or...
SA-CONTRIB-2010-104 - Relevant Content - Information Disclosure
The Relevant Content module provides a block and CCK field which contain links to other nodes on the site which are considered "relevant" to the current nodes based on number of shared taxonomy terms. The Relevant Content module does not implement node access logic properly, resulting in the...
SA-CONTRIB-2010-102 - Category tokens - Cross Site Scripting
The Category tokens module exposes additional tokens for the first and last terms related to a node for each vocabulary. The module does not sanitize the vocabulary names when displayed in token help, leading to a Cross-Site Scripting XSS vulnerability that may lead to a malicious user gaining fu...
SA-CONTRIB-2010-103 - Node Relativity - Multiple vulnerabilities
The Node Relativity module allows parent-child relationships between nodes to be established, managed and searched. The Node Relativity module does not sanitize some of the user supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability which can be used by a maliciou...
SA-CONTRIB-2010-101 - Watcher - Multiple Vulnerabilities
The Watcher module lets users subscribe to nodes so they receive email notifications when comments are posted or nodes are changed. The Watcher module did not sanitize some of the user supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability which can be used by a...
SA-CONTRIB-2010-100 - Ubuntu Drupal Theme - Directory traversal and information disclosure
This Ubuntu Drupal Theme - Brown is designed to mimic the old ubuntu.com. The theme used a PHP file to generate a gradient image on the fly. User input from the URL is not properly validated in this PHP code, leading to a directory traversal vulnerability where the contents of any file readable b...
SA-CONTRIB-2010-099 - Views Bulk Operations - Access Bypass
Views Bulk Operations augments Views by allowing bulk operations to be executed on the nodes and users displayed by a view. It does so by showing a checkbox in front of each item, and adding a select box containing operations that can be applied on the selected items. In some circumstances, a...
SA-CONTRIB-2010-097 - Imagemenu - Multiple vulnerabilities
The Imagemenu module allows users to create and maintain image based menus. The Drupal 5 branch of this module contains a Cross Site Request Forgery CSRF vulnerability which could allow a malicious user to trick an administrator into unintentionally enabling or disabling menu items provided by th...
SA-CONTRIB-2010-098 - Memcache - Multiple vulnerabilities
The Memcache project provides an alternative cache backend which works with memcached program to speed up high traffic sites. The memcache backend caches the current $user object a little too aggressively, which can lead to a role change not being recognized until the user logs in again. The...
SA-CONTRIB-2010-094 - Embedded Media Field - Access bypass
The Embedded Media Field project is a set of modules that enable editors to post URL's and embed codes for third party media providers such as YouTube, Vimeo, or Flickr, which will be automatically parsed and displayed using preset formatters. The Embedded Video Field module packaged with the...
SA-CONTRIB-2010-095 - Lightbox2 - Multiple Vulnerabilities
The Lightbox2 module enables images to be overlaid on the current page using JavaScript. The module displays images above the page instead of within it, freeing the page design from layout constraints and keeping users on the same page. The module does not sanitize some of the user supplied data...
SA-CONTRIB-2010-096 - Domain access - Multiple Vulnerabilities
The Domain Access module suite allows users to maintain content shared across multiple domains running from a single Drupal installation. In several instances, the module does not sanitize the user-supplied domain name before displaying it, leading to a Cross-Site Scripting XSS vulnerability that...
SA-CONTRIB-2010-091 - Mollom - Information Disclosure
The Mollom module provides a combination of CAPTCHA challenges with text analysis to intelligently block spam. In some configurations, sensitive user data e.g., a user's plain-text password might be logged through calls to Drupal's watchdog API. This vulnerability is mitigated by the fact that th...
SA-CONTRIB-2010-092 - Advanced Book Blocks - Multiple Vulnerabilities
The Advanced Book Blocks module enables you to integrate with the API provided by the JQuery Menu module version 1.8 and higher to provide click and expand book menus with the ability to customize each block individually. The module contained Cross Site Scripting vulnerabilities which could allow...
SA-CONTRIB-2010-093 - Advanced Taxonomy Blocks - Multiple Vulnerabilities
Advanced Taxonomy Blocks makes use of the JQuery menu module to create extremely customizable blocks for browsing through single hierarchy taxonomies. The module contained Cross Site Scripting vulnerabilities which could allow a malicious user with one of several non-default permissions to inject...
SA-CONTRIB-2010-090 - Yr Weatherdata - SQL Injection
The Yr Weatherdata module displays weather forecasts, and enables users with the proper permission to set the sort method. When setting the sorting method the module does not filter the value input by the user correctly. This vulnerability can be exploited to perform an SQL Injection attack...
SA-CONTRIB-2010-089 - Simplenews Content Selection - Cross Site Scripting
This module allows you to select content from your website and send a newsletter with the selected content. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability that may lead to a malicious user gaining full...
SA-CONTRIB-2010-086 - Prepopulate - Access Bypass
The Prepopulate module provides the ability for form fields to be pre-populated via the request sent for the form. The module is vulnerable to access bypass which would allow a malicious user to change the value of fields they would not otherwise have access to alter. Versions affected Prepopulat...
SA-CONTRIB-2010-087 - GovDelivery - Cross site scripting
The GovDelivery module provides integration with the GovDelivery On-Demand Mailer service, a web service for GovDelivery customers that sends messages directly based on configured account information. The module replaces the backend of SMTP library in your Drupal site with calls to the GovDeliver...
SA-CONTRIB-2010-082 - Print - Local file read access
The Printer, e-mail and PDF versions "print" module provides printer-friendly versions of content, including a PDF version that is generated by one of three supported generation tools dompdf, TCPDF and wkhtmltopdf. When using the wkhtmltopdf PDF generation tool, that tool is able to access local...
SA-CONTRIB-2010-084 - OpenID - Authentication bypass
The OpenID module provides users the ability to login to sites using an OpenID account. The OpenID module doesn't implement the all required verifications from the OpenID 2.0 protocol and is vulnerable to a number of attacks. Specifically: - OpenID should verify that a "openid.responsenonce" has...
SA-CORE-2010-002 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities and weaknesses were discovered in Drupal. OpenID authentication bypass The OpenID module provides users the ability to login to sites using an OpenID account. The OpenID module doesn't implement all the required verifications from the OpenID 2.0 protocol and is vulnerable...
SA-CONTRIB-2010-083 - Ubercart sub-modules - Multiple Vulnerabilities
The Ubercart module for Drupal provides e-commerce features. Several modules within Ubercart were vulnerable to various security issues. 1. The 2Checkout gateway module did not properly verify the payment notification information. A malicious user could use a specially crafted HTTP request to...
SA-CONTRIB-2010-085 - Pathauto - Cross Site Scripting
The Pathauto module automatically generates path aliases for various kinds of content nodes, categories, users without requiring the user to manually specify the path alias. It also provides additional tokens that can be used in URL alias patterns and anywhere else that the Token API is used. The...
SA-CONTRIB-2010-081 - FileField Sources - Arbitrary Code Execution
The FileField Sources module expands on the abilities of FileField, allowing users to select new or existing files through additional means, including: Reuse of existing files through an autocomplete textfield or IMCE, or transfering files directly from remote servers. The module does not sanitiz...
SA-CONTRIB-2010-088 - Content Construction Kit (CCK) - Access Bypass
The Content Construction Kit CCK project is a set of modules that allows you to add custom fields to nodes using a web browser. The CCK "Node Reference" module provides a backend URL that is used for asynchronous requests by the "autocomplete" widget to locate nodes the user can reference. In som...
SA-CONTRIB-2010-080 - Privatemsg - Cross Site Scripting
The Privatemsg module allows to send private messages between users. The module does not properly escape user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability. Any user with permission to write private messages is vulnerable to attack. Versions affected...
SA-CONTRIB-2010-079 - Devel (Performance logging) - Cross Site Scripting
The devel project is a suite of modules for developers and themers. Within the devel project, there is the performance logging module. The module does not escape URLs comprised of node paths, leading to a Cross Site Scripting XSS vulnerability. Users with the permission to access the reports that...
SA-CONTRIB-2010-076 - Dashboard - Cross Site Scripting (CSS)
The dashboard module allows users to create a personalized set of pages of widgets created from existing blocks and nodes like iGoogle. The module does not escape user generated names for tags & titles associated with default widgets that are added to a user dashboard page, leading to a Cross Sit...
SA-CONTRIB-2010-077 - Sage Pay (former Protx) Direct Payment Gateway for Ubercart - Information Disclosure
The Sage Pay Direct Payment Gateway for Ubercart ucprotxvspdirect processes credit card transactions in Ubercart stores using the Sage Pay Direct service. The module may show remote 3-D Secure pages to the user in an iframe when their bank supports the Verified by Visa or MasterCard SecureCode...
SA-CONTRIB-2010-078 - Kaltura - Information disclosure
The Kaltura module integrates the Kaltura open source video platform with Drupal. When installing, uninstalling, or configuring the module, it would surreptitiously inject a hidden iframe into the messages displayed to the administrator with the source pointing to corp.kaltura.com/stats/drupal...
SA-CONTRIB 2010-075 - Tagging - Cross Site Scripting
The Tagging module provides an alternative input widget and other features for taxonomy terms. The module does not properly escape user-provided content submitted to free-tagging vocabularies displayed on node previews, leading to a Cross Site Scripting XSS vulnerability. Any user with permission...
SA-CONTRIB-2010-073 - Multiple Vulnerabilities In Multiple Contributed Modules
Versions affected and proposed solutions Simple Gallery for Drupal 6.x This module creates a simple gallery using taxonomy and CCK imagefields. The module is vulnerable to a Cross Site Scripting XSS attack. This can be exploited by users with the ability to add taxonomy terms or tag content...
SA-CONTRIB-2010-074 - Drupad - Cross-site request forgery
The Drupad module is the companion module of the iPhone / iPodTouch application also called Drupad. The module doesn't check if the incoming request is made from the application, leading to a CSRF vulneraby. This vulnerability can be used to delete users and content, or set the site in offline mo...