1940 matches found
SA-CONTRIB-2009-040 - Advanced Forum - Multiple vulnerabilities
Cross-site scripting The Advanced Forum module does not correctly handle certain arguments obtained from the URL. By enticing a suitably privileged user to visit a specially crafted URL, a malicious user is able to insert arbitrary HTML and script code into forum pages. Such a cross-site scriptin...
SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities and weaknesses were discovered in Drupal. Cross-site scripting The Forum module does not correctly handle certain arguments obtained from the URL. By enticing a suitably privileged user to visit a specially crafted URL, a malicious user is able to insert arbitrary HTML an...
SA-CONTRIB-2009-039 - Links Package - Cross Site Scripting
The Links Package is a multi-module set for managing URL links in a master directory, and attaching them in various ways to your content pages. The Links Related module of the Links Package does not properly escape user input used as the title on certain pages. A user with privileges to create...
SA-CONTRIB-2009-038 - Nodequeue - Multiple vulnerabilities
The Nodequeue module enables an administrator to arbitrarily put nodes in a group for some purpose, such as providing a listing of nodes or featuring a particular node. It suffers from a cross-site scripting XSS vulnerability due to not properly sanitizing vocabulary names before they are...
SA-CONTRIB-2009-037 - Views - Multiple vulnerabilities
The Views module provides a flexible method for Drupal site designers to control how lists of content are presented. In the Views UI administrative interface when configuring exposed filters, user input presented as possible exposed filters is not correctly filtered, potentially allowing maliciou...
SA-CONTRIB-2009-036 - Services - Impersonation
The Services module provides integration of external applications with Drupal. Service callbacks may be used with multiple interfaces like XMLRPC, SOAP, REST, AMF. When key based access is enabled any user may view or add keys, allowing a third party to access services they would not otherwise be...
SA-CONTRIB-2009-035 - Booktree - Cross site scripting
Booktree takes as input a series of Book nodes and create a tree-like structure using Book node relationships.The Booktree module does not properly escape node title and node body on tree root pages. A user with privileges to create book pages could attempt a cross site scripting XSS attack which...
SA-CONTRIB-2009-034 - Taxonomy manager - Cross site scripting
The Taxonomy manager module provides additional tools for administering taxonomy through Drupal. A vocabulary gets displayed in a dynamic tree view, where parent terms can be expanded to list their nested child terms or can be collapsed. The module does not properly escape some user-supplied data...
SA-CONTRIB-2009-032 - Webform - Cross-site scripting
The Webform module provides a node type which is typically used to enable site visitors to fill in questionnaires, contact or request/registration forms, surveys, polls, or other forms on a Drupal site. When displaying the results of Webform submissions, the module does not properly filter user...
SA-CONTRIB-2009-033 - Quiz - Cross site scripting
The Quiz module provides tools for authoring and administering quizzes through Drupal. A quiz is given as a series of questions, with only one question appearing per page. Scores are then stored in the database. The module does not properly escape user-supplied data on some pages, allowing...
SA-CONTRIB-2009-031 - Ajax Session - Multiple vulnerabilities
The Ajax session module allows users to set PHP session variables using AJAX. The module does not make proper use of the Drupal API, leaving it open to multiple vulnerabilities, including Cross Site Request Forgeries CSRF and Cross Site Scripting XSS. Versions affected Ajax Session 5.x-1.0 Drupal...
SA-CONTRIB-2009-030 - Email Verification - Information disclosure / Cross Site Scripting
The Email Verification module tries to verify user email addresses by talking to the appropriate SMTP host. It also allows the administrator to access a list of not confirmed email addresses. In the Drupal 5 version, this list is only protected by the "access content" permission, hence allowing a...
SA-CONTRIB-2009-029 - Views Bulk Operations - Access Bypass
Views Bulk operations allows registered procedures called actions to be applied on a result set of Drupal nodes, returned by the Views module. Through the Views Bulk Operations interface, it is possible to let users who are not authorized to update specific nodes or classes of nodes, to still app...
SA-CONTRIB-2009-026 - LoginToboggan - Access bypass
LoginToboggan includes a setting which, if enabled, allows users to log in using either their username or e-mail address. In some circumstances, previously blocked users may still be able to access the site if this setting is enabled. Versions affected LoginToboggan 6.x-1.x prior to 6.x-1.5...
SA-CORE-2009-006 - Drupal core - Cross site scripting
When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte sequences that are valid in the UTF-...
SA-CONTRIB-2009-027 - Printer, e-mail and PDF versions - Cross-site scripting
When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte sequences that are valid in the UTF-...
SA-CONTRIB-2009-028 - Feed Block - Cross Site Scripting
The Feed Block module creates a block with one externalsyndicated article for each feed source from selected feed category. Feed block doesn't properly escapes aggregator items allowing users with administer news feeds permission to inject arbitrary code into the site. Such a cross site scripting...
SA-CONTRIB-2009-022 - Exif - Cross Site Scripting
The Exif module enables users to display EXIF tags in images on the site. EXIF tags are not properly filtered for HTML input, allowing users with permission to upload images to inject arbitrary code into the site using a specially crafted image. Such a cross site scripting XSS attack may lead to ...
SA-CONTRIB-2009-023 - News Page - SQL injection
The News Page module provides a node content type which displays feed items from an aggregator category, filtered by keywords entered into the 'Include Words' field of the node. Unfortunately the News Page module uses keywords directly in SQL queries without being sanitized, allowing SQL injectio...
SA-CONTRIB-2009-024 - Node Access User Reference - Access Bypass
Node Access User Reference enables administrators to automatically grant node access view, update, or delete to a node where the user is referenced by CCK user reference. When such a field is saved with an empty value, Node Access User Reference mistakes this for a reference to the anonymous user...
SA-CORE-2009-005 - Drupal core - Cross site scripting
When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte sequences that are valid in the UTF-...
SA-CONTRIB-2009-025 - Fivestar - Cross-site request forgery
The Fivestar module provides a voting widget for content and records votes using Ajax. The URL used by the javascript to register votes is vulnerable to cross-site request forgeries CSRF making it possible for users to unknowingly vote for content. Versions affected Fivestar 5.x-1.x prior to...
SA-CONTRIB-2009-019 - Localization client - Cross site scripting
The Localization client module allows you to translate the interface of your Drupal site from within each page as you go. When displaying translatable strings and their completed translations, the module does not escape the data. If used to translate the Drupal core interface, this is not a...
SA-CONTRIB-2009-020 - Print - Cross site scripting
The Printer, e-mail and PDF versions "Print" module provides printer-friendly versions of content. The module does not correctly escape content titles, enabling malicious users to insert arbitrary HTML and scripts into certain pages. Such a cross site scripting XSS attack against sufficiently...
SA-CONTRIB-2009-021 CCK comment reference - Cross site scripting
CCK comment reference project, lets administrators define node fields that are references to comments. When displaying a node edit form, the titles of candidate referenced comments are not properly filtered, allowing malicious users to inject arbitrary code on those pages. Such a cross site...
SA-CONTRIB-2009-018 - Feed element mapper - Cross site scripting
Feed element mapper is an Add-on module for FeedAPI that maps elements on a feed item such as tags or the author name to taxonomy or CCK fields. These mappings are configurable by point and click. The module does not escape content titles enabling malicious users to insert arbitrary HTML and...
SA-CONTRIB-2009-015 - Tokenauth - Access bypass
The Token authentication module allows access to RSS feeds via a token without having to provide your username and password to the site. Token authentication did not properly use the Drupal Form API which would allow a malicious user to learn the site administrator's token giving them the ability...
SA-CONTRIB-2009-017 - Vote Up/Down - Cross-site request forgery
The Vote Up/Down module provides a voting widget for content that records votes using Ajax. The URL for voting is vulnerable to cross-site request forgeries CSRF making it possible for users to unknowingly vote for content. Versions affected Vote Up/Down 5.x-1.x prior to 5.x-1.1 Vote Up/Down...
SA-CONTRIB-2009-016 - Wikitools - Cross site scripting
The Wikitools module provides several options to get a more wiki-like behavior for Drupal. On several pages, the Wikitools module prints out a parameter without escaping it. Malicious users are thus able to execute a cross site scripting XSS attack when they entice users to visit a specifically...
SA-CONTRIB-2009-014 - CCK Field Privacy - Access Bypass
CCK Field Privacy was incorrectly updated for the Drupal 6.x menu system in such a way that the intended access controls for the administrative pages are by-passed for unprivileged users. This may allow users to change permissions on fields and lead to exposure of private content. Versions affect...
SA-CONTRIB-2009-012 - Printer, e-mail and PDF versions - Unrestricted e-mailing (spam)
The "Send by e-mail" module, part of the "Printer, e-mail and PDF versions" project, allows users to send e-mail messages while viewing content on the site. This module was found to have multiple vulnerabilities. Unrestricted e-mailing spam Due to improper use of Drupal's flood control API, it is...
SA-CONTRIB-2009-011 Tasklist - SQL injection and Cross site scripting
Tasklist does not properly use the Drupal database API and inserts values from the URL directly into queries. This can be exploited to perform SQL Injection attacks. These attacks may lead to a malicious user gaining full administrator access. In addition, Tasklist allows users to add CSS to page...
SA-CONTRIB-2009-013 CCK - Cross site scripting
The Node reference and User reference sub-modules, which are part of the Content Construction Kit CCK project, lets administrators define node fields that are references to other nodes or to users. When displaying a node edit form, the titles of candidate referenced nodes or names of candidate...
SA-CONTRIB-2009-010 Plus 1 - Cross-site request forgery
The Plus 1 module provides a voting widget for content that records votes using Ajax. The URL for voting is vulnerable to cross-site request forgeries CSRF making it possible for users to unknowingly vote for content. Versions affected Versions of Plus 1 prior to 6.x-2.6 Drupal core is not...
SA-CONTRIB-2009-009 Forward module can be used as a spam relay
This vulnerability allows spammers or spambots to use sites with the Forward module installed to send nearly unlimited e-mail. Due to improper use of Drupal's flood control API, it is possible for one user to send an unlimited numbers of mails using the forward module. Important note : the securi...
SA-CONTRIB-2009-008 - Taxonomy Theme - Cross site scripting
The Taxonomy Theme module allows a website adminstrator to change the theme of a given content item based on taxonomy, vocabulary or content type. It does not properly sanitize user-supplied data on a number of places. This allows users with the "administer taxonomy" permission, or, when tagging ...
SA-CORE-2009-004 - Local file inclusion on Windows
Reference: SA-CORE-2009-003 6.x This vulnerability exists on Windows, regardless of the type of webserver Apache, IIS used. The Drupal theme system takes URL arguments into account when selecting a template file to use for page rendering. While doing so, it doesn't take into account how Windows...
SA-CORE-2009-003 - Local file inclusion on Windows
This vulnerability exists on Windows, regardless of the type of webserver Apache, IIS used. The Drupal theme system takes URL arguments into account when selecting a template file to use for page rendering. While doing so, it doesn't take into account how Windows arrives at a canonicalized path...
SA-CONTRIB-2009-006 - Troll - Cross site request forgeries
The Troll module provides management tools for community sites to deal with badly behaved users, known as "trolls", including banning users by IP address, advanced user searching, and blocking users by role. The module does not properly implement the Drupal Form API which makes it vulnerable to...
SA-CONTRIB-2009-007 - Advertisement Cross-site scripting
The Advertisement module displays and tracks advertisements on Drupal websites. Unsanitized text is displayed in several places, allowing users with "administer advertisements" permissions to execute arbitrary code. Users with "administer advertisements" permissions have the ability to configure...
SA-CONTRIB-2009-005 - Views bulk operations - Cross site scripting
Views bulk operations augments Views by enabling bulk operations to be executed on the content displayed by a view. Views bulk operations does not properly escape user-supplied data on some pages, allowing malicious users to insert arbitrary HTML and script code into these pages. Such a cross sit...
SA-CONTRIB-2009-004 - Notify - Privilege escalation
A user triggering the cron processing of the Notify module may end up getting logged in as another user when the Notify operations do not complete succesfully. Versions Affected Versions of Notify for Drupal 5.x prior to 5.x-1.2 Drupal core is not affected. If you do not use the Notify module,...
SA-CONTRIB-2009-003 - Internationalizaion (i18n) Translation module - Access bypass
The third-party i18n module enables users to make a translation of an existing item of content a node. In that process the existing node's content is copied into the new node. The module contains a flaw that allows a user with the 'translate node' permission to potentially bypass normal viewing...
SA-CORE-2009-001 Drupal core - Multiple vulnerabilities
Multiple vulnerabilities and weaknesses were discovered in Drupal. Access Bypass The Content Translation module for Drupal 6.x enables users to make a translation of an existing item of content a node. In that process the existing node's content is copied into the new node's submission form. The...
SA-CONTRIB-2009-001 - Project release - Multiple vulnerabilities
Exploitable from: Remote Vulnerabilities: Arbitrary file upload, Cross-site scripting XSS The Project release module is a component within the broader Project module. This announcement covers the following two issues: 1. Project release enables file attachments to create a specific version of cod...
SA-CONTRIB-2009-002 - Project issue tracking - Multiple vulnerabilities
This announcement covers the following two issues for the Project issue tracking module. 1. Under certain conditions, users may receive email updates for issues which they do not have proper access rights to. This issue is mainly a problem for sites that use a contributed node access module,...
SA-2008-074 - Services - Insecure signing
Services is a module which provides an API for exposing Drupal functions. It allows clients to remotely call methods on the server and return the requested data for local processing. The module doesn't sign enough of the information that passes through it and uses an insecure hash for signing a...
SA-2008-075 - Views - SQL Injection
The Views module provides a flexible method for Drupal site designers to control how lists of content are presented. When using an exposed filter on CCK text fields with allowed values, Views does not filter the data correctly. This may allow malicious users to conduct SQL injection attacks again...
SA-2008-073 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities and weaknesses were discovered in Drupal. Cross site request forgery The update system is vulnerable to Cross site request forgeries. Malicious users may cause the superuser user 1 to execute old updates that may damage the database. Cross site scripting When an input...
SA-2008-072 - Storm Project - SQL injection
Storm SpeedTech Organization and Resource Manager is a project management application for Drupal. Unfortunately the Storm module allows users with access to the storm projects to enter input values which are then used directly in SQL queries without being sanitized, enabling SQL injection attacks...