SA-CONTRIB-2010-091 - Mollom - Information Disclosure
The Mollom module provides a combination of CAPTCHA challenges with text analysis to intelligently block spam. In some configurations, sensitive user data (e.g., a user's plain-text password) might be logged through calls to Drupal's watchdog API. This vulnerability is mitigated by the fact that th...
SA-CONTRIB-2010-092 - Advanced Book Blocks - Multiple Vulnerabilities
The Advanced Book Blocks module enables you to integrate with the API provided by the JQuery Menu module version 1.8 and higher to provide click and expand book menus with the ability to customize each block individually. The module contained Cross Site Scripting vulnerabilities which could allow...
SA-CONTRIB-2010-090 - Yr Weatherdata - SQL Injection
The Yr Weatherdata module displays weather forecasts, and enables users with the proper permission to set the sort method. When setting the sorting method the module does not filter the value input by the user correctly. This vulnerability can be exploited to perform an SQL Injection attack...
SA-CONTRIB-2010-089 - Simplenews Content Selection - Cross Site Scripting
This module allows you to select content from your website and send a newsletter with the selected content. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting (XSS) vulnerability that may lead to a malicious user gaining full...
SA-CONTRIB-2010-085 - Pathauto - Cross Site Scripting
The Pathauto module automatically generates path aliases for various kinds of content (nodes, categories, users) without requiring the user to manually specify the path alias. It also provides additional tokens that can be used in URL alias patterns and anywhere else that the Token API is used. The...
SA-CONTRIB-2010-084 - OpenID - Authentication bypass
The OpenID module provides users the ability to log in to sites using an OpenID account. The OpenID module doesn't implement all the required verifications from the OpenID 2.0 protocol and is vulnerable to a number of attacks. Specifically: - OpenID should verify that a "openid.responsenonce" has...
SA-CONTRIB-2010-083 - Ubercart sub-modules - Multiple Vulnerabilities
The Ubercart module for Drupal provides e-commerce features. Several modules within Ubercart were vulnerable to various security issues. 1. The 2Checkout gateway module did not properly verify the payment notification information. A malicious user could use a specially crafted HTTP request to...
SA-CONTRIB-2010-082 - Print - Local file read access
The Printer, e-mail and PDF versions ("print") module provides printer-friendly versions of content, including a PDF version that is generated by one of three supported generation tools (dompdf, TCPDF and wkhtmltopdf). When using the wkhtmltopdf PDF generation tool, that tool is able to access local...
SA-CONTRIB-2010-086 - Prepopulate - Access Bypass
The Prepopulate module provides the ability for form fields to be pre-populated via the request sent for the form. The module is vulnerable to access bypass which would allow a malicious user to change the value of fields they would not otherwise have access to alter. Versions affected Prepopulat...
SA-CONTRIB-2010-087 - GovDelivery - Cross site scripting
The GovDelivery module provides integration with the GovDelivery On-Demand Mailer service, a web service for GovDelivery customers that sends messages directly based on configured account information. The module replaces the backend of the SMTP library in your Drupal site with calls to the GovDeliver...
SA-CORE-2010-002 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities and weaknesses were discovered in Drupal. OpenID authentication bypass The OpenID module provides users the ability to login to sites using an OpenID account. The OpenID module doesn't implement all the required verifications from the OpenID 2.0 protocol and is vulnerable...
SA-CONTRIB-2010-080 - Privatemsg - Cross Site Scripting
The Privatemsg module allows users to send private messages to each other. The module does not properly escape user-supplied data before displaying it, leading to a Cross Site Scripting (XSS) vulnerability. Any user with permission to write private messages is vulnerable to attack. Versions affected...
SA-CONTRIB-2010-088 - Content Construction Kit (CCK) - Access Bypass
The Content Construction Kit (CCK) project is a set of modules that allows you to add custom fields to nodes using a web browser. The CCK "Node Reference" module provides a backend URL that is used for asynchronous requests by the "autocomplete" widget to locate nodes the user can reference. In som...
SA-CONTRIB-2010-081 - FileField Sources - Arbitrary Code Execution
The FileField Sources module expands on the abilities of FileField, allowing users to select new or existing files through additional means, including: reuse of existing files through an autocomplete textfield or IMCE, or transferring files directly from remote servers. The module does not sanitiz...
SA-CONTRIB-2010-079 - Devel (Performance logging) - Cross Site Scripting
The devel project is a suite of modules for developers and themers. Within the devel project, there is the performance logging module. The module does not escape URLs comprised of node paths, leading to a Cross Site Scripting (XSS) vulnerability. Users with the permission to access the reports that...
SA-CONTRIB-2010-078 - Kaltura - Information disclosure
The Kaltura module integrates the Kaltura open source video platform with Drupal. When installing, uninstalling, or configuring the module, it would surreptitiously inject a hidden iframe into the messages displayed to the administrator with the source pointing to corp.kaltura.com/stats/drupal...
SA-CONTRIB-2010-076 - Dashboard - Cross Site Scripting (XSS)
The dashboard module allows users to create a personalized set of pages of widgets created from existing blocks and nodes (like iGoogle). The module does not escape user generated names for tags & titles associated with default widgets that are added to a user dashboard page, leading to a Cross Sit...
SA-CONTRIB-2010-077 - Sage Pay (former Protx) Direct Payment Gateway for Ubercart - Information Disclosure
The Sage Pay Direct Payment Gateway for Ubercart (ucprotxvspdirect) processes credit card transactions in Ubercart stores using the Sage Pay Direct service. The module may show remote 3-D Secure pages to the user in an iframe when their bank supports the Verified by Visa or MasterCard SecureCode...
SA-CONTRIB-2010-075 - Tagging - Cross Site Scripting
The Tagging module provides an alternative input widget and other features for taxonomy terms. The module does not properly escape user-provided content submitted to free-tagging vocabularies displayed on node previews, leading to a Cross Site Scripting (XSS) vulnerability. Any user with permission...
SA-CONTRIB-2010-073 - Multiple Vulnerabilities In Multiple Contributed Modules
Versions affected and proposed solutions: Simple Gallery for Drupal 6.x. This module creates a simple gallery using taxonomy and CCK imagefields. The module is vulnerable to a Cross Site Scripting (XSS) attack. This can be exploited by users with the ability to add taxonomy terms or tag content...
SA-CONTRIB-2010-074 - Drupad - Cross-site request forgery
The Drupad module is the companion module of the iPhone / iPod Touch application also called Drupad. The module doesn't check if the incoming request is made from the application, leading to a CSRF vulnerability. This vulnerability can be used to delete users and content, or set the site in offline mo...
SA-CONTRIB-2010-071 - MultiSafepay Integration - Cross Site Request Forgery
The MultiSafepay Integration module provides integration between the Ubercart e-commerce solution and the MultiSafepay payment system. The module is vulnerable to Cross Site Request Forgeries (CSRF) which would allow a malicious user to alter the status of orders or to trick other users into alteri...
SA-CONTRIB-2010-072: Hierarchical Select - Cross Site Scripting
The Hierarchical Select module provides a "hierarchicalselect" form element, which is a greatly enhanced way for letting the user select items in a taxonomy. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting (XSS) vulnerability that...
SA-CONTRIB-2010-068 - Masquerade - Cross Site Request Forgery
The masquerade module is designed as a tool for site designers and administrators, allowing a user with the right permissions to temporarily masquerade as another user. The module is vulnerable to Cross Site Request Forgeries (CSRF) via the masquerade/switch and masquerade/unswitch paths. Versions...
SA-CONTRIB-2010-070 - Multiple vulnerabilities in multiple contributed modules
Versions affected and proposed solutions: Easy Translator for Drupal 6.x. The module is vulnerable to SQL injections. Solution: Disable the module. There is no safe version of the module to use. Block Queue for Drupal 6.x. The Block Queue module allows users to create "queues" of blocks much like...
SA-CONTRIB-2010-069 - Case Tracker - Multiple Vulnerabilities
The Case Tracker module enables teams to track outstanding cases which need resolution by attaching a status, priority and type. Cross Site Scripting (XSS): The module does not sanitize some of the user-supplied data before displaying it, leading to a cross site scripting (XSS) vulnerability that may...
SA-CONTRIB-2010-067 - Views - Multiple vulnerabilities
The Views module provides a flexible method for Drupal site designers to control how lists and tables of content are presented. Cross Site Request Forgery (CSRF): The Views UI module, which is included with Views, can be used to enable/disable Views by following a link to a particular page e.g...
SA-CONTRIB-2010-066 - FileField - Cross Site Scripting
FileField module integrates with the Content Construction Kit to provide a file upload field. It also integrates with the Views and Token modules. The module does not sanitize some of the user-supplied data before displaying it (for Drupal 6.x-3.x only), or before adding it to tokens both 5.x-2.x a...
SA-CONTRIB-2010-062 - Ogone | Ubercart payment - Access Bypass
Ogone | Ubercart payment is a payment module for Ubercart that integrates Ogone PSP gateway as a checkout method for Ubercart. The module does not always correctly verify the order status returned by the Ogone gateway, potentially allowing unpaid orders to be processed. Versions affected Ogone |...
SA-CONTRIB-2010-064 - Ubercart MIGS Payment Gateway - Web Parameter Tampering
The Ubercart MIGS Payment Gateway module provides support for the MIGS 3rd-party payment gateway used by ANZ, Commonwealth Bank, Bendigo Bank, and various other banks worldwide for payment processing. This module was susceptible to web parameter tampering which allowed users to bypass paying the...
SA-CONTRIB-2010-065 - Content Construction Kit (CCK) - Access Bypass
The Content Construction Kit (CCK) project is a set of modules that allows you to add custom fields to nodes using a web browser. The CCK "Node Reference" module can be configured to display referenced nodes as hidden, title, teaser or full view. Node access was not checked when displaying these...
SA-CONTRIB-2010-063 - Studio theme pack - Cross Site Scripting
Studio theme pack is a set of themes for use as a base in creating a new theme. The Canvas-theme, part of Studio theme pack and used as base theme for the Workspace and Paint themes, also included in Studio theme pack, does not sanitize some of the user-supplied data before displaying it, leading...
SA-CONTRIB-2010-060 - Scheduler - Cross Site Scripting
Scheduler allows nodes to be published and unpublished on specified dates. Scheduler does not sanitize titles for unpublished nodes on the scheduled nodes overview list, leading to a Cross Site Scripting (XSS) vulnerability that may lead to a malicious user gaining full administrative access. The...
SA-CONTRIB-2010-061 - AddonChat - Multiple Vulnerabilities
The AddonChat module provides Drupal integration with the AddonChat Java chat room. Due to unsafe handling of the global $user object, failed authentication at the custom addonchatauth.php script will log in an attacker as the chosen user. Additionally, several configuration variables are not...
SA-CONTRIB-2010-052 - Multiple vulnerabilities in multiple contributed modules
Versions affected and proposed solutions: Private Message (versions for the 5.x versions of Drupal). The Privatemsg (also known as Private Message) module enables messages to be sent internally on a site. The module is vulnerable to cross-site request forgeries (CSRF) via its message delete form. This...
SA-CONTRIB-2010-054 - Storm - Cross Site Scripting (XSS)
The Storm project provides a group of modules for project management and billing. The module displays data entered by users without sanitising it, allowing for a cross site scripting (XSS) attack that may lead to a malicious user gaining full administrative access. Versions affected Storm project f...
SA-CONTRIB-2010-049 - Wordpress Import - Access bypass
The Wordpress Import module provides the ability to import nodes from a Wordpress WXR export file. The form to import a WXR file does not use the correct access permission and allows any user to upload arbitrary files and import data from a remote WXR file. Versions affected Wordpress Import for...
SA-CONTRIB-2010-051 - Heartbeat - Cross Site Scripting
The Heartbeat project contains a suite of modules to display user activity on a website. These modules do not properly sanitize some of their output, allowing certain users the ability to insert arbitrary HTML and script code. Such a cross site scripting (XSS) attack may lead to a malicious user...
SA-CONTRIB-2010-053 - External Link Page - Cross Site Scripting (XSS)
The External Link Page provides a content filter that redirects external links to a customizable page. This page informs the user that they are about to leave the site and then redirects them. The module does not sanitise data input in its administration page before displaying it on redirect...
SA-CONTRIB-2010-059: Panels - Arbitrary PHP code execution
The Panels module allows a site administrator to create customized layouts for multiple uses. The "Mini panels" module, included with panels, was found to have an arbitrary PHP code execution vulnerability. Users with the 'create mini panels' permission could execute arbitrary PHP code on the...
SA-CONTRIB-2010-058: Chaos tool suite - Multiple vulnerabilities
The Chaos tool suite (ctools) is primarily a set of APIs and tools to improve the developer experience. This module was found to have multiple vulnerabilities. Cross site scripting (XSS): The module did not properly sanitize node titles under certain circumstances, resulting in multiple cross-site...
SA-CONTRIB-2010-050 - CAPTCHA - Cross Site Scripting
The CAPTCHA module enables a site administrator to put a CAPTCHA form element (a simple challenge that is easy for humans, but hard for automated spam bots) on any form. The CAPTCHA module does not sanitize the CAPTCHA description that is added as help text to the CAPTCHA form element, allowing use...
SA-CONTRIB-2010-056 - User Queue - Cross Site Request Forgery
The User Queue module allows you to create multiple queues, add users to them, and order the users within the queue. The module is vulnerable to cross-site request forgeries (CSRF) via the URL used to delete users from the queue. A user with "administer user queues" permission could be manipulated...
SA-CONTRIB-2010-055 - Simplenews - Access bypass
Simplenews publishes and sends email newsletters to lists of subscribers, with both anonymous and authenticated users being able to opt-in to mailing lists. The user subscription form does not use the correct access permission resulting in any user with the permission 'subscribe to newsletters'...
SA-CONTRIB-2010-057 - Rotor Banner - Cross Site Scripting (XSS)
The Rotor Banner module allows users to upload images which can then be displayed in a block and rotated through using jQuery. However, when these images are displayed, the values for the various image attributes (src, title, alt) are not properly sanitized, leading to a cross site scripting (XSS)...
SA-CONTRIB-2010-048: CiviRegister - Cross Site Scripting
The CiviRegister module replaces the standard Drupal user registration form with a CiviCRM Profile form configured to create users. Notifications on the Profile's administrative page include unsanitized data obtained from the URL. A malicious user could create a special link which would inject...
SA-CONTRIB-2010-047: Services - Access Bypass
The Services module allows users to expose Drupal functionality to remote users. Services provides the ability for developers to define access callbacks in code for exposed services. When using session ID authentication without API key authentication, the module does not properly check access whe...
SA-CONTRIB-2010-045 - Auto Assign Role - Access bypass
The Auto Assign Role module serves three primary purposes. The first is to provide an automatic assignment of roles when a new account is created. The second is to allow the end user the option of choosing their own role or roles when they create their account. The third is to provide paths that will...
SA-CONTRIB-2010-046: Award - Cross Site Scripting
The Award module allows administrators to identify one or more content types as "awards" that can be granted to users. When the title of an award is displayed on a user's profile page it is not properly sanitized, resulting in a cross site scripting vulnerability. Attackers must have the permissi...
SA-CONTRIB-2010-044: Bibliography - Cross Site Scripting
The Bibliography module enables users to manage and display lists of scholarly publications. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting (XSS) vulnerability. This is mitigated by the fact that only users with the 'administer...