1940 matches found
SA-2008-071 - User Karma - Multiple vulnerabilities
The User Karma module displays and manages karma points of users. How karma points are calculated is defined by other modules which hook into the User Karma module. Unfortunately the User Karma module allows administrators to enter a list of content types and voting API values which are then used...
SA-2008-070 - Comment Mail - Cross site request forgery
The Comment Mail module allows an email to be sent to the site administrators when new comments are posted. Links in the email allow for quick approval, editing, deletion of the comment and/or banning of the poster's IP address. Unfortunately some links are vulnerable to cross site request...
SA-2008-069 - CCK for 5.x and 6.x - XSS vulnerabilities
The Content Construction Kit CCK allows certain privileged users to add custom fields to content types using a web browser. Some field labels and content-type names are displayed without appropriate filtering in the administrative interface. Malicious users with the "administer content" permissio...
SA-2008-067 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities and weaknesses were discovered in Drupal. File inclusion On a server configured for IP-based virtual hosts, Drupal may be caused to include and execute specifically named files outside of its root directory. This bug affects both Drupal 5 and Drupal 6. Cross site scriptin...
SA-2008-068 - Localization client and Localization server - Cross site request forgery
The Localization client module allows you to translate the interface of your Drupal site from within each page as you go. The Localization server module provides a community translation interface for translating Drupal modules and themes and is primarily used by Drupal translation teams. The serv...
SA-2008-064 - Node Vote - SQL injection vulnerability
The Node Vote module allows authorized users to vote on certain types of nodes. If the administrator has enabled the "Allow user to vote again" setting for the Node Vote module, malicious user can inject SQL when changing a previously cast vote. This is because Node Vote does not properly use the...
SA-2008-065 - Node Clone - Access bypass
The third-party Node Clone module enables users to make a copy of an existing item of content a node, and then edit that copy. The module contains a flaw that allows a user with the 'clone node' permission to potentially bypass normal viewing access restrictions, for example allowing the user to...
SA-2008-066 - Shindig-Integrator - Multiple vulnerabilities
Shindig-Integrator integrates the open social Shindig container with Drupal. The module contains numerous flaws. Among them are the following issues. Malicious users are able to insert arbitrary HTML and script code into certain module generated pages. Such a Cross site scripting vulnerability ca...
SA-2008-061 - Everyblog - Multiple vulnerabilities
The module does not follow Drupal best practices for database queries and handling of user submitted data, leading to a number of vulnerabilities. Of special concern is that an unprivileged user may become logged in to the account of an existing user, including an administrator. Versions Affected...
SA-2008-062 - SIOC - access bypass
The SIOC Semantically-Interconnected Online Communities project is an open specification for describing communities using online discussion forums or blogs, the module allows Drupal sites to attach metadata to users, posts, comments etc. in line with this specification. The module doesn't impleme...
SA-2008-063 - multiple third party modules - Access bypass due to incorrect Drupal 6 updates
Several contributed modules were incorrectly updated for the Drupal 6.x menu system in such a way that the intended access controls are likely to be by-passed by unprivileged users. In some cases, this includes access to the administrative functions of these modules, or access to content the user...
SA-2008-060 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities and weaknesses were discovered in Drupal. File upload access bypass A logic error in the core upload module validation allowed unprivileged users to attach files to content. This bug affects Drupal 6.x only. Users can view files attached to content which they do not...
SA-2008-059 - Brilliant Gallery - SQL Injection and Cross Site Scripting
The Brilliant Gallery module allows users to publish photos in galleries. Two vulnerabilities were found in the module. SQL Injection Brilliant Gallery does not properly use the Drupal database API and inserts values from URLs directly into queries. This can be exploited to perform SQL Injection...
SA-2008-058 - Brilliant Gallery - SQL Injection
The module does not properly use Drupal's database API and inserts values supplied by users directly into queries. This can be exploited by malicious users with the "access brilliantgallery" permission to perform SQL Injection attacks. These attacks may lead to the malicious user gaining...
SA-2008-055 - Stock - Cross site scripting
The stock module provides the ability to query price quotes and trading volumes from various stock markets. An oversight in the menu permissions code allows any user to change the text of the heading at the top of the stock quotes page. As this text is not escaped, it is safe only for an...
SA-2008-056 - Simplenews - Cross site scripting
Simplenews publishes and sends newsletters to lists of subscribers. Newsletter categories are not always properly escaped. This allows users with the "administer taxonomy" permission to add arbitrary HTML and script code to the site. Wikipedia has more information about such cross site scripting...
SA-2008-054 - Plugin Manager - Access bypass
The Plugin Manager module provides the methods and graphical interfaces needed to automatically install new modules and themes from the Drupal.org website. An oversight in the menu permissions code allows any user to uninstall and remove modules installed with the Plugin Manager. This risk is onl...
SA-2008-057 - Ajax Checklist - Multiple vulnerabilities
The Ajax Checklist module implements a filter that allows a user to include checkboxes into content. The module does not properly use Drupal's database API and inserts values supplied by users directly into queries. This can be exploited by malicious users with the "update ajax checklists"...
SA-2008-053 - Answers - Cross site scripting
The Answers module allows a site owner to add a Questions & Answer section to the site. Unfortunately, the module does not properly escape text, which allows malicious users who are able to post answers to insert arbitrary HTML and scripts into a page. Wikipedia has more information about such...
SA-2008-052 - Link To Us - Cross site scripting
The Link To Us module creates a page to display uploaded banners that can be used by others to link to your Drupal site. The module will create well formed SEO links with full title, alt and anchor text determined by the node title, taxonomy term or other pages that are directed to the module...
SA-2008-051 - Mailsave - Cross site scripting
Mailsave is a module that is designed to interact with mailhandler. It will detach files that are emailed to the site and save them with the node. The module trusts the mimetype that is send with the file enabling malicious users with the ability to upload files to execute cross site scripting...
SA-2008-050 - Mailhandler - SQL injection
The Mailhandler module allows users to create or edit nodes and comments via email. One vulnerability was found in the module. SQL Injection Mailhandler does not properly use the Drupal database API and inserts values from mails directly into queries. This can be exploited to perform SQL Injectio...
SA-2008-049 - Talk - Multiple vulnerabilities
The Talk module for Drupal 5.x and 6.x creates a "Talk" tab for nodes in which the comments belonging to the node are displayed. Two vulnerabilities and weaknesses were discovered in the contributed Talk module. Cross site scripting The node title is treated as if it was safe text, and is not...
SA-2008-048-b - CCK - Cross site scripting
Update This security announcement is an update of the SA-2008-048 announcement which advised to upgrade CCK for Drupal 5.x to 5.x-1.8. You should now upgrade CCK for Drupal 5.x to 5.x-1.9. The Content Construction Kit CCK allows certain privileged users to add custom fields to content types using...
SA-2008-047 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities and weaknesses were discovered in Drupal. Cross site scripting A bug in the output filter employed by Drupal makes it possible for malicious users to insert script code into pages cross site scripting or XSS. A bug in the private filesystem trusts the MIME type sent by th...
SA-2008-046 - Drupal core - Session fixation
When contributed modules such as Workflow NG terminate the current request during a login event, user module is not able to regenerate the user's session. This may lead to a session fixation attack, when a malicious user is able to control another users' initial session ID. As the session is not...
SA-2008-036 - Profile search - SQL Injection
The Profile search module provides a way for users to search users by all profile fields, as provided by the profile module in core. Numerous values are used in SQL strings without being properly sanitized. Users with the "access user profiles" permission can use these values to execute SQL...
SA-2008-045 - OpenID - Multiple vulnerabilities
The OpenID module for Drupal 5.x allows uses to create an account or log into a Drupal site using one or more OpenID identities. Find out more about OpenID at http://openid.net. Two vulnerabilities and weaknesses were discovered in the contributed OpenID module. Cross site scripting Some...
SA-2008-044 - Drupal core - Multiple vulnerabilities
Multiple vulnerabities and weaknesses were discovered in Drupal. Neither of these are readily exploitable. Cross site scripting Free tagging taxonomy terms can be used to insert arbitrary script and HTML code cross site scripting or XSS on node preview pages. A successful exploit requires that th...
SA-2008-041 - Taxonomy autotagger - Multiple vulnerabilities
The Taxonomy Autotagger will automatically tag a post with terms from a vocabulary if the terms are found in the content of the post. The module does not properly use Drupal's database API and inserts values supplied by users directly into queries. This can be exploited by malicious users with th...
SA-2008-042 - Tinytax - Cross site scripting
The Tinytax taxonomy block displays a vocabulary as a tree within a block. The module displays certain values without appropriate filtering. Malicious users with the permission to create taxonomy terms are able to exploit this issue and insert arbitrary HTML and script code into pages. Such a cro...
SA-2008-043 - Outline designer - Privilege escalation
The Outline designer module provides a visual way of structuring content in books. A programming error in the module causes the current user to become authenticated as the author of the viewed content item. Versions affected Outline designer for Drupal 5.x prior to 5.x-1.4. Drupal core is not...
SA-2008-040 - Organic Groups - Cross site scripting and information disclosure
Organic groups enables users to create and manage their own 'groups'. Each group can be subscribed to, and includes a group home page where subscribers can communicate amongst themselves. Two vulnerabilities were found in the module. Cross site scripting The module displays certain values without...
SA-2008-039 - Suggested terms - Cross site scripting
This module provides "suggested terms" for free-tagging Taxonomy fields based on terms already submitted. Taxonomy terms as presented in the clickable list are not properly sanitized. Users who are able to create new terms are able to insert arbitrary script code and HTML into certain edit pages...
SA-2008-037 - TrailScout - XSS and SQL injection
The TrailScout module displays a number of last visited pages as breadcrumbs. The module displays certain values without appropriate filtering. Malicious users with the permission to create posts are able to exploit this issue and insert arbitrary HTML and script code into pages. Such a cross sit...
SA-2008-038 - Services - Arbitrary code execution
The Services module package was created out of a need for a standardized solution to integrate external applications with Drupal. It builds on concepts from Drupal core's XMLRPC interface, but abstracts service callbacks so that they may be used with multiple interfaces such as XMLRPC, SOAP, REST...
SA-2008-032 - Magic Tabs - Arbitrary code execution
Magic Tabs provides an implementation of tabs filled via AJAX requests. Malicious users are able to run arbitrary PHP code via URL arguments to Magic Tabs as it does not provide a whitelist of callbacks. Versions affected Magic Tabs for Drupal 5.x prior to Magic Tabs 5.x-1.1 Drupal core is not...
SA-2008-033 - Taxonomy Image - Cross site scripting
The contributed module Taxonomy Image allows the display of images associated with taxonomy terms. Several values are displayed without being escaped, which enables users to inject arbitrary HTML and script code on pages Cross Site Scripting. This may lead to administrator access. Versions affect...
SA-2008-034 - Node Hierarchy - Access bypass
The contributed module Node Hierarchy allows nodes to be children of other nodes creating a tree-like hierarchy of content. Due to incorrectly implemented access checks, any user with the "access content" permission is able to rearrange the hierarchy. No private data is exposed, and no content ca...
SA-2008-035 - Aggregation - Multiple vulnerabilities
The Aggregation module syndicates content from external feeds saving them as nodes. A significant amount of vulnerabilities were discovered in the module: Cross site scripting - Numerous values are displayed without being properly escaped or filtered, which enables users to inject arbitrary HTML...
SA-2008-031 - Pblog - Incorrect vulnerability report
Exploitable from: Remote Subject: Incorrect vulnerability report Several 'security'-related sources claim - with SecurityFocus as source http://www.securityfocus.com/bid/29495/info - that the third-party Drupal module Pblog is vulnerable to SQL injection attacks. The Drupal security team has...
SA-2008-030 - Site Documentation - Privilege escalation
The contributed module Site Documentation intends to assist developers and administrators when they start working with a new site by showing them information from the database. All users with the "access content" permission are able to use the module to list arbitrary tables from the database. In...
SA-2008-027 - Ubercart - Cross site scripting
When certain product features were being edited, node titles were being printed to the screen as entered by the user. If a store owner had granted product creation rights to a non-secure user, this would provide an opportunity for a malicious user to perform a cross site scripting attack when...
SA-2008-028 - Internationalization and Localizer - Cross site scripting
The Internationalization i18n and Localizer modules add multi-lingual capabilities to Drupal sites. They provide control over a site's user interface language, the ability to enter and control content in multiple languages, and can detect the browser language. Several values are displayed without...
SA-2008-029 - E-Publish - Cross site scripting and Cross site request forgeries
The contributed module E-Publish helps organize a group of nodes into a publication, such as a newspaper, magazine or newsletter. The Drupal Forms API protects against Cross Site Request Forgeries CSRF, where a malicious site can cause a user to unintentionally take actions on another site where...
SA-2008-026 - Drupal core - Access bypass
The menu system routes page requests to appropriate handlers. It also determines whether a user has access to pages based on several criteria, such as permissions assigned to a role. Drupal 6 features an entirely revised menu system, including changes to the way access is dealt with, which if not...
SA-2008-025 - Simple access - Access bypass
The Simple Access module is a node access module that allows administrators to make some nodes private and/or editable by certain user roles. The module contains a flaw that results in the privacy information for a node being lost under certain conditions. These conditions are usually triggered v...
SA-2008-024 - Webform - Cross site scripting
The contributed webform module provides a webform nodetype. Typical uses for webform are to create questionnaires, contact or request/register forms, surveys, polls or a front end to issues tracking systems. On several points in the codebase, user-supplied data is not escaped before it is...
SA-2008-023 - Ubercart - Cross site scripting
During checkout in Ubercart enabled stores, customers have text fields in which to enter their address and order information. Some stores will have modules enabled that restrict what sort of values are accepted in these fields, but this is not the case for everyone. This provides an opportunity f...
SA-2008-022 - Flickr - Cross site scripting
The Flickr module allows one to access photos on one's site via the Flickr API. The module provides a filter for inserting photos and photosets and blocks for a user's recent photos and photosets. Several values are displayed without being escaped, which enables users to inject arbitrary HTML and...