Lucene search
K
DrupalRecent

1940 matches found

Drupal
Drupal
added 2008/03/23 12:0 a.m.15 views

SA-2008-021 - Live - Cross site request forgery

The contributed module Live provides previews of content items while typing them. Live is vulnerable to a cross site request forgery which may lead to execution of PHP code when an authenticated, privileged user visits a malicious site. Versions affected Live for Drupal 5.x before Live 5.x-0.1...

7.1AI score
Exploits0References3
Drupal
Drupal
added 2008/03/12 12:0 a.m.12 views

SA-2008-020 - Ubercart - Cross site scripting

The attribute module allows customers to enter a text value as an attribute for a product, like a name to stitch into a hat. However, when these text values were displayed in the shopping cart or on order pages, there was a possibility for a malicious user to perform a cross site scripting attack...

6.5AI score
Exploits0References4
Drupal
Drupal
added 2008/03/05 12:0 a.m.8 views

SA-2008-019 - Refine by Taxonomy - Cross site scripting

Refine by Taxonomy is a module that provides a taxonomy browsing user interface. Taxonomy terms are not escaped before display, making it possible to inject arbitrary HTML and script code into pages which contain the Refine by Taxonomy feature. This may lead to administrator access if certain...

6.4AI score
Exploits0References5
Drupal
Drupal
added 2008/02/27 12:0 a.m.515 views

SA-2008-018 - Drupal core - Cross site scripting

Titles are not escaped prior to being displayed on content edit forms, allowing users to inject arbitrary HTML and script code into these pages. The Drupal.checkPlain function, used to escape text in ECMAScript, contains a bug which causes it to escape only the first instance of a character,...

6.2AI score
Exploits0References5
Drupal
Drupal
added 2008/02/13 12:0 a.m.17 views

SA-2008-017 - Header image - Access bypass

The Header image module allows sites to display an image on selected pages based on the node id, path, taxonomy, node type, containing book or the result of PHP code. The module contains a vulnerability where access to the module's administration pages is granted to any user, including the...

7.1AI score
Exploits0References4
Drupal
Drupal
added 2008/01/30 12:0 a.m.14 views

SA-2008-015 - Comment Upload - Arbitrary file upload

Comment upload enables file attachments for comments. To do so it uses and subverts various functions from the upload module that are present in Drupal core. In certain, common cases, comment upload passes incorrect data to the upload validation functions, resulting in a validation bypass, which...

6.8AI score
Exploits0References5
Drupal
Drupal
added 2008/01/30 12:0 a.m.11 views

SA-2008-016 - OpenID - Incorrect claimed_id returned for OpenID 2.0

The OpenID module has a vulnerability which allows OpenID version 2.0 positive assertions that are not properly verified to return an invalid or impersonated claimedid. To exploit this vulnerability an attacker could set up an OpenID provider, example1.com, that claimed to be the authority for...

6.9AI score
Exploits0References5
Drupal
Drupal
added 2008/01/30 12:0 a.m.20 views

SA-2008-011 - Securesite - Access bypass

The Secure Site module provides functions for placing your site behind HTTP based authentication. The module contains a flaw that allows an attacker who is behind the same proxy as a logged in user, to access the site as if the attacker is the user. Versions affected Secure Site for Drupal 5.x an...

6.7AI score
Exploits0References5
Drupal
Drupal
added 2008/01/30 12:0 a.m.16 views

SA-2008-012 - Project issue tracking - XSS vulnerability in comment summary tables

The Project issue tracking module provides a summary table to show changes in issue states between comments. Users who have certain editing rights may be able to inject arbitrary code on pages containing these tables. Wikipedia has more information about cross site scripting XSS. Versions affecte...

6.5AI score
Exploits0References8
Drupal
Drupal
added 2008/01/30 12:0 a.m.11 views

SA-2008-014 - Userpoints - Cross site request forgery

Userpoints is a system for keeping track of points earned on a site. It can be used to reward users for contributions to a community and also for ecommerce transactions. The Drupal Forms API protects against cross site request forgeries CSRF, where a malicious site can cause a user to...

6.7AI score
Exploits0References6
Drupal
Drupal
added 2008/01/30 12:0 a.m.12 views

SA-2008-013 - Project issue tracking - Arbitrary file upload

The Project issue tracking module has a vulnerability where new issues are not properly validated. If the core Upload module is enabled on issue nodes the recommended configuration for the 5.x-2. series, this vulnerability can be used to attach malicious files to new issues, regardless of the...

6.5AI score
Exploits0References8
Drupal
Drupal
added 2008/01/23 12:0 a.m.20 views

SA-2008-009 - Workflow - Cross site scripting

The Workflow module allows the creation and assignment of arbitrary workflows to Drupal node types. Workflow does not escape certain node properties on output. It is therefore possible to inject arbitrary HTML and script code into certain workflow messages such as those displayed on the workflow...

6.5AI score
Exploits0References6
Drupal
Drupal
added 2008/01/23 12:0 a.m.12 views

SA-2008-10 - Archive - Cross site scripting

The Archive module provides a replacement for the archive functionality that was present in Drupal 4.7. Certain URL arguments are not escaped before display. It is therefore possible to inject arbitrary HTML and script code into certain archive pages, which may lead to administrator access if...

6.4AI score
Exploits0References5
Drupal
Drupal
added 2008/01/14 12:0 a.m.15 views

SA-2008-008 - Meta tags - Arbitrary code execution

The Meta tags module, also known as Nodewords, adds HTML META tags to node, panel and view pages. If the site is configured to allow images in the body of any node type, any user that can create this node type is able to execute arbitrary code on the server. Versions affected Meta tags for Drupal...

7.8AI score
Exploits0References4
Drupal
Drupal
added 2008/01/10 12:0 a.m.487 views

SA-2008-006 - Drupal core - Cross site scripting (UTF8)

When outputting plaintext Drupal strips potentially dangerous HTML tags and attributes from HTML, and escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte sequences that are invalid in the...

6.5AI score
Exploits0References7
Drupal
Drupal
added 2008/01/10 12:0 a.m.501 views

SA-2008-007 - Drupal core - Cross site scripting (register_globals)

When theme .tpl.php files are accessible via the web and the PHP setting registerglobals is set to enabled, anonymous users are able to execute cross site scripting attacks via specially crafted links. Drupals .htaccess attempts to set registerglobals to disabled and also prevents access to...

6.5AI score
Exploits0References2
Drupal
Drupal
added 2008/01/10 12:0 a.m.14 views

SA-2008-002 - Atom - Access bypass

The Atom module provides a list of node titles, and teasers or bodies as part of a syndication feed. In certain conditions, the titles, teasers, and body were not respecting access permissions, potentially exposing content to syndication not available otherwise. Versions affected Atom for Drupal...

7AI score
Exploits0References5
Drupal
Drupal
added 2008/01/10 12:0 a.m.12 views

SA-2008-001 - Devel - Cross site scripting

The devel module contains many useful developer functions, such as a query log and the display of variables. The contents of the variable table is not escaped prior to display. Should an unprivileged user be able to control the contents of a site variable, it would be possible to inject arbitrary...

6.3AI score
Exploits0References5
Drupal
Drupal
added 2008/01/10 12:0 a.m.10 views

SA-2008-003 - BUEditor - CSRF

BUEditor is a plain textarea editor aiming to facilitate code writing. It supports completely customizable interface and button functionality via role-based editors. The Drupal Forms API protects against cross site request forgeries CSRF, where a malicous site can cause a user to unintentionally...

6.9AI score
Exploits0References5
Drupal
Drupal
added 2008/01/10 12:0 a.m.507 views

SA-2008-005 - Drupal core - Cross site request forgery

The aggregator module fetches items from RSS feeds and makes them available on the site. The module provides an option to remove items from a particular feed. This has been implemented as a simple GET request and is therefore vulnerable to cross site request forgeries. For example: Should a...

6.7AI score
Exploits0References5
Drupal
Drupal
added 2008/01/10 12:0 a.m.12 views

SA-2008-004 - Fileshare - Arbitrary code execution

The fileshare module is used to create nodes that allow browsing, uploading, downloading and deleting of files from a fileshare directory that is created by Drupal and linked to the node. Users who are able to create fileshare nodes are able to execute arbitrary code on the server. Versions...

7.7AI score
Exploits0References1
Drupal
Drupal
added 2007/12/05 12:0 a.m.11 views

SA-2007-032 - Shoutbox - Cross site scripting

Message sent from the Shoutbox block, where visitors can quickly post short messages, are not properly sanitized in a number of cases. This allows malicious users to inject arbitrary HTML and script code into the block. Learn more about cross site scripting on Wikipedia. Versions affected Shoutbo...

6.4AI score
Exploits0References5
Drupal
Drupal
added 2007/12/05 12:0 a.m.11 views

SA-2007-033 - Feature - CSRF

Feature is a contributed module that lets you organize and maintain a feature list by category. The Drupal Forms API protects against cross site request forgeries CSRF, where a malicous site can cause a user to unintentionally submit a form to a site where he is authenticated. The feature deletio...

6.6AI score
Exploits0References4
Drupal
Drupal
added 2007/12/05 12:0 a.m.485 views

SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled

The function taxonomyselectnodes directly injects variables into SQL queries instead of using placeholders. While taxonomy module itself validates the input passed to taxonomyselectnodes, this is a weakness in Drupal core. Several contributed modules, such as taxonomymenu, ajaxLoader, and ubrowse...

8AI score
Exploits0References9
Drupal
Drupal
added 2007/10/17 12:0 a.m.19 views

SA-2007-025 - Drupal core - Arbitrary code execution via installer.

The Drupal installer allows any visitor to provide credentials for a database when the site's own database is not reachable. This allows attackers to run arbitrary code on the site's server. An immediate workaround is the removal of the file install.php in the Drupal root directory. Versions...

7.5AI score
Exploits0References3
Drupal
Drupal
added 2007/10/17 12:0 a.m.17 views

SA-2007-026 - Drupal Core - Cross site scripting via uploads

The allowed extension list of the core Upload module contains the extension HTML by default. Such files can be used to execute arbitrary script code in the context of the affected site when a user views the file. Revoking upload permissions or removing the .html extension from the allowed extensi...

6.8AI score
Exploits0References6
Drupal
Drupal
added 2007/10/17 12:0 a.m.15 views

SA-2007-029 - Drupal core - User deletion cross site request forgery

The Drupal Forms API protects against cross site request forgeries CSRF, where a malicous site can cause a user to unintentionally submit a form to a site where he is authenticated. The user deletion form does not follow the standard Forms API submission model and is therefore not protected again...

6.7AI score
Exploits0References3
Drupal
Drupal
added 2007/10/17 12:0 a.m.36 views

SA-2007-024 - Drupal Core - HTTP response splitting

In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of issues, among them cache...

7.7AI score
Exploits0References5
Drupal
Drupal
added 2007/10/17 12:0 a.m.9 views

SA-2007-028 - Weblinks - Cross site scripting

User input is not properly sanitized on a number of pages. This allows malicious users to inject arbitrary HTML and script code into these pages, which may lead to administrator access if certain conditions are met. Learn more about cross site scripting on Wikipedia. Versions affected Weblinks fo...

6.4AI score
Exploits0References6
Drupal
Drupal
added 2007/10/17 12:0 a.m.18 views

SA-2007-030 - Drupal Core - API handling of unpublished comment.

The publication status of comments is not passed during the hookcomments API operation, causing various modules that rely on the publication status such as Organic groups, or Subscriptions to mail out unpublished comments. Versions affected Drupal 4.7.x before version 4.7.8 Drupal 5.x before...

7.1AI score
Exploits0References5
Drupal
Drupal
added 2007/10/17 12:0 a.m.17 views

SA-2007-027 - Token - Cross site scripting

Several server variables are not escaped consistently. When a malicious user is able to enter comments and then entice a victim to visit a webpage, arbitrary HTML and script code can be injected and executed in the context of the victim's session on the targeted website. For example, a malicious...

6.6AI score
Exploits0References15
Drupal
Drupal
added 2007/10/03 12:0 a.m.13 views

SA-2007-022 - Boost - file overwrite

The Boost module provides a static file-based cache of Drupal pages for anonymous users. A vulnerability allows an attacker to create or overwrite any filename in any directory that the web server can write to. The affected file will always contain the fully rendered HTML for a single Drupal page...

6.8AI score
Exploits0References2
Drupal
Drupal
added 2007/09/27 12:0 a.m.12 views

SA-2007-021: Project issue tracking - XSS vulnerabilities in subscription forms.

The Project issue tracking module provides a subscription functionality enabling users to sign up for e-mail notification of issue updates. The subscriptions can be edited on both an individual or overview form. Users who have permissions to create or edit projects may be able to inject arbitrary...

6.7AI score
Exploits0References7
Drupal
Drupal
added 2007/08/20 12:0 a.m.10 views

Project and Project issue tracking - Access bypass

The Project and Project issue tracking modules provide a series of permissions to control access to projects and issues: "access projects", "access own projects", "access project issues" and "access own project issues". While these permissions correctly prevent users from viewing the entire proje...

6.6AI score
Exploits0References2
Drupal
Drupal
added 2007/08/13 12:0 a.m.13 views

Content Construction Kit - Cross site scripting

The Content Construction Kit CCK allows site admins to create and customize node fields. The Nodereference module included in the CCK bundle defines fields referencing other nodes. Two cross-site scripting XSS vulnerabilities were discovered : when a nodereference field is displayed using the...

6.2AI score
Exploits0References5
Drupal
Drupal
added 2007/07/26 12:0 a.m.23 views

Drupal core - Cross site request forgeries

Several parts in Drupal core are not protected against cross site request forgeries due to inproper use of the Forms API, or by taking action solely on GET requests. Malicious users are able to delete comments and content revisions and disable menu items by enticing a privileged users to visit...

6.7AI score
Exploits0References4
Drupal
Drupal
added 2007/07/26 12:0 a.m.22 views

Drupal core - Multiple cross site scripting vulnerabilities

Some server variables are not escaped consistently. When a malicious user is able to entice a victim to visit a specially crafted link or webpage, arbitrary HTML and script code can be injected and executed in the context of the victim's session on the targeted website. Custom content type names...

6.6AI score
Exploits0References6
Drupal
Drupal
added 2007/07/12 12:0 a.m.18 views

LoginToboggan - Cross site scripting

The LoginToboggan module provides several modifications of the Drupal login system. One of the features is a block that can be enabled on the site to display the currently logged in user with a "Log out" link. If a user is able to insert JavaScript into their username, they would be able execute ...

6.4AI score
Exploits0References6
Drupal
Drupal
added 2007/07/09 12:0 a.m.15 views

Forward - Access bypass

The Forward module is a module that allows site administrators to add links to postings that let users email the current page to a third party. By manipulating URL arguments, authenticated and anonymous users are able to access posts that should have been restricted by a node access module such a...

6.9AI score
Exploits0References4
Drupal
Drupal
added 2007/07/09 12:0 a.m.20 views

Print - Access bypass

Print is a module that allows site administrators to produce a "print friendly" version of a posting. By manipulating URL arguments, authenticated and anonymous users are able to access posts that should have been restricted by a node access module such as Organic Groups, Taxonomy Access Control,...

6.9AI score
Exploits0References4
Drupal
Drupal
added 2007/04/11 12:0 a.m.13 views

Multiple vulnerabilities in Database Administration (dba) module

The Database Administration dba module allows site administrators with sufficient privileges to view and directly modify the Drupal database tables for a site. Numerous cross-site scripting XSS vulnerabilities were discovered when the administrator runs queries to display data from the database,...

6.2AI score
Exploits0References4
Drupal
Drupal
added 2007/03/08 12:0 a.m.11 views

Project issue tracking - Access bypass

If a remote user knows the node identifier of an issue that has been marked private using a node access module simpleaccess, nodeprivacybyrole, etc, they can use a specially crafted URL to view the contents of the node, regardless of their own privileges. All that is required is the "access proje...

7.2AI score
Exploits0References2
Drupal
Drupal
added 2007/03/06 12:0 a.m.13 views

Nodefamily - Access bypass

Nodefamily is needed for building user profiles with the nodeprofile module. By manipulating URL arguments, authenticated users are able to access and modify the profile of other users. Versions affected Nodefamily for Drupal 5.x before 5.x-1.0 Nodefamily for 4.7.x is not affected. Drupal core is...

7AI score
Exploits0References3
Drupal
Drupal
added 2007/02/16 12:0 a.m.16 views

getID3 library and Audio, Mediafield - arbitrary code execution

The getID3 library used by Audio and Mediafield contains a directory with scripts demonstrating use of the library. These scripts allow any visitor to browse the filesystem, read and delete files or write to zero-byte files or files with an mp3 extension. These actions are only limited by the...

8AI score
Exploits0References8
Drupal
Drupal
added 2007/02/16 12:0 a.m.15 views

Secure site - Access bypass

Secure site allows one to protect a website with a browser-based password. These usernames and passwords are tied directly to the Drupal user database. The site will be invisible to search engines and other crawlers, but still allows access to certain users. A serious design flaw allows the acces...

6.8AI score
Exploits0References4
Drupal
Drupal
added 2007/02/15 12:0 a.m.11 views

Image pager - Cross site scripting

The Image Pager module uses JavaScript to collect selected images from a page and display them one at a time in a block with previous/next pager links. HTML entities are decoded by the DOM functions used by Image Pager before being reinserted into the web page for display. As a result, a maliciou...

5.9AI score
Exploits0References5
Drupal
Drupal
added 2007/01/31 12:0 a.m.14 views

Textimage - response validation bypass

Captcha validation by Textimage can be bypassed by manipulating request variables while posting. This defeats the purpose of the captcha and makes automated submission possible. Versions affected All versions of Textimage 4.7.x prior to Textimage 4.7-1.2. All versions of Textimage 5.x prior to...

7.1AI score
Exploits0References4
Drupal
Drupal
added 2007/01/30 12:0 a.m.15 views

Captcha - response validation bypass

Captcha validation can be bypassed by manipulating request variables while posting or by providing certain incorrect responses. This defeats the purpose of the captcha and makes automated submission possible. Versions affected All versions of Captcha 4.7.x prior to Captcha 4.7-1.2. All versions o...

7.2AI score
Exploits0References4
Drupal
Drupal
added 2007/01/29 12:0 a.m.17 views

DRUPAL-SA-2007-005 - Drupal core - Arbitrary code execution

Previews on comments were not passed through normal form validation routines, enabling users with the 'post comments' permission and access to more than one input filter to execute arbitrary code. By default, anonymous and authenticated users have access to only one input format. Immediate...

7.9AI score
Exploits0References5
Drupal
Drupal
added 2007/01/23 12:0 a.m.12 views

Project and Project issue tracking - Multiple vulnerabilities

Multiple vulnerabilities have been discovered and fixed in the Project and Project issue tracking modules: Access bypass in Project issue tracking Due to an error in the projectissueaccess function, users with the 'Access project issues' permission would have full access to all issues on a site,...

6.1AI score
Exploits0References12
Total number of security vulnerabilities1940