SA-2006-006 - Drupal Core - Execution of arbitrary files in certain Apache configurations
Certain, alas typical, configurations of Apache allow execution of carefully named arbitrary scripts in the files directory. Drupal now will attempt to automatically create a .htaccess file in your "files" directory to protect you. This line references SA2006006 to lead Apache administrator...
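The "carefully named" part of this advisory is a mod_mime property: a handler bound to an extension is matched against every dot-separated part of a filename, so an upload called avatar.php.jpg is run as PHP wherever the directory allows it. The fragment below is an added illustration for this listing, not the .htaccess Drupal generates (its contents are not shown here); the handler name mirrors the advisory reference the summary mentions, and the rest is a conventional hardening of an uploads directory.

```apache
# Added example; not Drupal's generated file.

# --- server or vhost config: the typical, and exposed, binding ---
# mod_mime applies this to ANY filename segment ending in .php, so
# "avatar.php.jpg" in the files directory is executed as PHP.
AddHandler application/x-httpd-php .php

# --- files/.htaccess: no handler may execute anything served from here ---
# Bind every file to a handler name nothing implements; the extension
# match above no longer selects mod_php for files in this tree.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
# No CGI, no server-side includes, no directory listing.
Options None
Options +FollowSymLinks
# Belt and braces where mod_php is loaded: the engine is off in this tree
# even if a later directive re-binds a handler.
<IfModule mod_php5.c>
  php_flag engine off
</IfModule>
```

Two checks before relying on this: the directory's `<Directory>` block needs `AllowOverride Options FileInfo` (or `All`) or Apache silently ignores the file, and the effect is easy to confirm by uploading a harmless test.php.txt containing `<?php echo 1; ?>` and requesting it: you should get the source back as text, not "1".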
DRUPAL-SA-2006-005 - Drupal core - SQL injection vulnerability
A security vulnerability in the database layer allowed certain queries to be submitted to the database without going through Drupal's query sanitizer. This problem represents a critical security vulnerability and should be patched or upgraded immediately. Versions affected - Drupal 4.6.6 and...
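The advisory's point is that a sanitizer only protects values that actually pass through it; a query assembled by string concatenation before the call is never seen. The following is an added example for this listing, not Drupal's database layer (which is PHP): a toy printf-style sanitizer in the spirit of Drupal 4.x's placeholder queries, beside the concatenation path that bypasses it and the driver-bound form that is preferred today. Table, rows and attacker input are constructed for the demonstration.

```python
import re
import sqlite3

# Constructed sample data for the demonstration; not Drupal's schema.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return conn

def _escape_literal(value: str) -> str:
    """Escape a value for inclusion inside a single-quoted SQL string literal."""
    return value.replace("'", "''")

def db_query(conn: sqlite3.Connection, query: str, *args):
    """Toy stand-in for a printf-style sanitizer: %d is cast to int, %s is
    escaped and quoted. Every value must arrive through *args; anything
    concatenated into `query` beforehand is never seen here."""
    values = iter(args)

    def substitute(match: re.Match) -> str:
        value = next(values)
        if match.group(1) == "d":
            return str(int(value))          # non-numeric input raises, which is the point
        return "'" + _escape_literal(str(value)) + "'"

    sql = re.sub(r"%([ds])", substitute, query)
    return conn.execute(sql).fetchall()

def lookup_raw(conn, name):
    """The bypass: the value is spliced into SQL text before any sanitizer runs."""
    return conn.execute("SELECT name FROM users WHERE name = '" + name + "'").fetchall()

def lookup_sanitized(conn, name):
    """Same query through the sanitizer: the value becomes a quoted literal."""
    return db_query(conn, "SELECT name FROM users WHERE name = %s", name)

def lookup_param(conn, name):
    """Preferred: let the driver bind the value; SQL text and data never mix."""
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"      # classic tautology; constructed attacker input
    print("raw:      ", lookup_raw(conn, payload))        # both rows leak
    print("sanitized:", lookup_sanitized(conn, payload))  # []
    print("bound:    ", lookup_param(conn, payload))      # []
```

When auditing for this class of bug, grep for the query function's callers and flag any first argument that is not a string literal: a variable or concatenation there means a value reached the query without going through the placeholder path.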
DRUPAL-SA-2006-004 Mail header injection vulnerability
Linefeeds and carriage returns were not being stripped from email headers, raising the possibility of bogus headers being inserted into outgoing email. This could lead to Drupal sites being used to send unwanted email. Versions affected All Drupal versions before 4.6.6. Solution If you are runnin...
DRUPAL-SA-2006-002 XSS vulnerabilities
Some user input sanity checking was missing. This could lead to possible cross-site scripting (XSS) attacks. XSS can lead to user tracking and theft of accounts and services. Versions affected All Drupal versions before 4.6.6. Solution If you are running Drupal 4.5.x then upgrade to Drupal 4.5.8. I...
DRUPAL-SA-2006-001 Security bypass in menu.module
If you use menu.module to create a menu item, the page you point to will be accessible to all, even if it is an admin page. Versions affected All Drupal versions before 4.6.6. Solution If you are running Drupal 4.5.x then upgrade to Drupal 4.5.8. If you are running Drupal 4.6.x then upgrade to...
DRUPAL-SA-2006-003 Session fixation vulnerability
If someone creates a clever enough URL and convinces you to click on it, and you later log in but you do not log off then the attacker may be able to impersonate you. Versions affected All Drupal versions before 4.6.6. Solution The fix to this issue requires PHP 4.3.2 or higher, which is higher...
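The scenario in this advisory has three moving parts: the server adopts a session identifier it has never issued (the one carried in the crafted URL), the victim authenticates inside that session, and the identifier is not changed at login, so the attacker's copy stays valid. The simulation below is an added example for this listing, not Drupal's session handling; it is written in Python rather than PHP so it runs stand-alone. The PHP counterpart of the fix is session_regenerate_id(), which appeared in PHP 4.3.2, matching the version floor the advisory states. Session ids and the attacker's chosen value are constructed.

```python
import secrets

class SessionApp:
    """Minimal server-side session store with the two knobs that decide
    whether fixation works: whether unknown ids are adopted, and whether
    the id is regenerated when the user authenticates."""

    def __init__(self, adopt_unknown_ids: bool, regenerate_on_login: bool):
        self.store = {}                      # sid -> session data
        self.adopt_unknown_ids = adopt_unknown_ids
        self.regenerate_on_login = regenerate_on_login

    def begin_request(self, presented_sid):
        """Return the sid this request runs under."""
        if presented_sid in self.store:
            return presented_sid
        if presented_sid is not None and self.adopt_unknown_ids:
            # Vulnerable behaviour: trust an id the server never issued
            # (e.g. one carried in a ?PHPSESSID=... URL the victim clicked).
            self.store[presented_sid] = {"user": None}
            return presented_sid
        sid = secrets.token_hex(16)          # strict mode: always issue our own id
        self.store[sid] = {"user": None}
        return sid

    def login(self, sid, user):
        """Authenticate the session; with regeneration the pre-login id dies here."""
        if self.regenerate_on_login:
            data = self.store.pop(sid)
            sid = secrets.token_hex(16)
            self.store[sid] = data
        self.store[sid]["user"] = user
        return sid

    def whoami(self, sid):
        return self.store.get(sid, {}).get("user")

def fixation_attack(app: SessionApp):
    """Play the advisory's scenario and return who the attacker is logged in as."""
    fixed = "attacker-known-id"                  # constructed; attacker picks it up front
    victim_sid = app.begin_request(fixed)        # victim follows the crafted URL
    app.login(victim_sid, "victim")              # later logs in, never logs out
    return app.whoami(fixed)                     # attacker replays the id they chose

if __name__ == "__main__":
    print(fixation_attack(SessionApp(adopt_unknown_ids=True, regenerate_on_login=False)))   # victim
    print(fixation_attack(SessionApp(adopt_unknown_ids=True, regenerate_on_login=True)))    # None
    print(fixation_attack(SessionApp(adopt_unknown_ids=False, regenerate_on_login=False)))  # None
```

Either control alone defeats the attack as described; regenerating at login is the one the advisory's fix corresponds to, and it also covers the case where the attacker learned a legitimately issued id some other way.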
DRUPAL-SA-2005-007 XSS vulnerability in submitted content
Ahmed Saad has brought to our attention a creative way to enter malicious HTML content. Upon further investigation we found that interpretation of broken HTML/SGML and various quirks in interpretation of correctly formed, but non-sensical attribute values by various browsers also allows entering...
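Both XSS advisories above (DRUPAL-SA-2006-002 and DRUPAL-SA-2005-007) come down to the same lesson: a filter that hunts for bad patterns in the raw text loses to broken markup and attribute quirks that browsers repair, while escaping on output, or parsing and re-emitting only an allow-list, does not. The code below is an added example for this listing, not Drupal's filter (which is PHP); the bypass inputs are constructed, and only the name check_plain is borrowed from Drupal's helper of that name.

```python
import html
import re
from html.parser import HTMLParser

def check_plain(text: str) -> str:
    """Escape for output as text: nothing is interpreted as markup, so this is
    the right default for untrusted input."""
    return html.escape(text, quote=True)

def naive_filter(markup: str) -> str:
    """A blacklist filter of the kind that gets bypassed: delete <script> blocks
    and whitespace-preceded on* attributes with regular expressions."""
    markup = re.sub(r"<script\b[^>]*>.*?</script>", "", markup, flags=re.I | re.S)
    markup = re.sub(r"\s+on\w+\s*=\s*(\"[^\"]*\"|'[^']*'|[^\s>]+)", "", markup, flags=re.I)
    return markup

ALLOWED_TAGS = {"a": {"href", "title"}, "b": set(), "i": set(), "em": set(),
                "strong": set(), "p": set(), "br": set()}
SAFE_URL_PREFIXES = ("http:", "https:", "mailto:", "/", "#")

class AllowListRebuilder(HTMLParser):
    """Parse the input as a browser would, then emit only allow-listed tags and
    attributes, re-escaping all text. Whatever the parser does with broken
    markup, nothing is copied through verbatim."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []

    def _safe_href(self, value: str) -> bool:
        # Browsers ignore embedded controls/whitespace ("java\tscript:"): strip first.
        compact = re.sub(r"[\x00-\x20]", "", value).lower()
        return compact.startswith(SAFE_URL_PREFIXES)

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return                                   # unknown tag: dropped, its text stays
        rendered = ""
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag] or value is None:
                continue
            if name == "href" and not self._safe_href(value):
                continue
            rendered += f' {name}="{html.escape(value, quote=True)}"'
        self.out.append(f"<{tag}{rendered}>")
        if tag != "br":
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open_tags:
            while self.open_tags:                    # close nested tags too; stay balanced
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

    def result(self) -> str:
        self.close()
        while self.open_tags:
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)

def sanitize_html(markup: str) -> str:
    builder = AllowListRebuilder()
    builder.feed(markup)
    return builder.result()

if __name__ == "__main__":
    # Constructed bypasses: nested tag that survives deletion, and an attribute
    # with no whitespace before it, which browsers accept but the regex misses.
    for bad in ['<scr<script></script>ipt>alert(1)</script>', '<img src="x"onerror="alert(1)">']:
        print(repr(naive_filter(bad)), "->", repr(sanitize_html(bad)))
```

The allow-list approach is also what makes the SGML/attribute quirks in DRUPAL-SA-2005-007 moot: the output contains only attribute values you re-quoted and escaped yourself, so how a browser would have read the original quoting no longer matters.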
DRUPAL-SA-2005-009 Bypass "view user profiles" permission
Andrew Widdowson informed us that it's possible to bypass the 'access user profile' permission if the server is running PHP5. No data can be changed though. Versions affected Drupal 4.6.0, 4.6.1, 4.6.2, 4.6.3 Solution If you are running Drupal 4.6.x and PHP5, then upgrade to Drupal 4.6.4...
DRUPAL-SA-2005-008 XSS and HTTP header injection vulnerability with uploaded files
Paul Laudanski informed us that it's possible to attach files that are able to run Javascript under Internet Explorer. Further investigation of the problem revealed that the same method can be used to inject arbitrary HTTP headers. Versions affected Drupal 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5...
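The HTTP header injection here and the mail header injection in DRUPAL-SA-2006-004 above are the same defect in two protocols: an untrusted value (an e-mail subject, an uploaded file's name) reaches a CRLF-delimited header block unfiltered, and the attacker's embedded line break starts a header of their own, or ends the headers and starts a body. The code below is an added example for this listing covering both advisories, not Drupal's mailer or upload code (which are PHP); the attacker values are constructed. The Internet Explorer scripting half of SA-2005-008 is a content-type matter and is not shown.

```python
import re

def strip_header_controls(value: str) -> str:
    """Remove CR, LF and other ASCII controls: a value must never be able to
    end its own header line."""
    return re.sub(r"[\x00-\x1f\x7f]", "", value)

def render_headers(fields, sanitize: bool) -> str:
    """Serialize (name, value) pairs the way a naive mailer or HTTP responder does."""
    lines = []
    for name, value in fields:
        if sanitize:
            value = strip_header_controls(value)
        lines.append(f"{name}: {value}")
    return "\r\n".join(lines) + "\r\n"

def parse_message(raw: str):
    """The receiver's view (MTA or browser): header names up to the first blank
    line, then the body."""
    head, _, body = raw.partition("\r\n\r\n")
    names = [line.split(":", 1)[0].strip() for line in head.split("\r\n") if line]
    return names, body

def content_disposition(filename: str, sanitize: bool) -> str:
    """Build an attachment header from an uploaded file's untrusted name."""
    if sanitize:
        filename = strip_header_controls(filename)
        # Keep the quoted-string intact so a '"' in the name cannot end it early.
        filename = filename.replace("\\", "\\\\").replace('"', '\\"')
    return f'attachment; filename="{filename}"'

# Constructed attacker inputs.
MAIL_SUBJECT = "Hello\r\nBcc: everyone@example.net"
UPLOAD_NAME = 'a.txt"\r\nSet-Cookie: sid=attacker\r\n\r\n<script>alert(1)</script>'

def mail_demo(sanitize: bool):
    """Which headers the MTA sees for a form-submitted subject."""
    raw = render_headers([("To", "user@example.org"), ("Subject", MAIL_SUBJECT)], sanitize)
    return parse_message(raw)[0]

def http_demo(sanitize: bool):
    """Which headers, and what body, a browser sees when the upload is served."""
    raw = render_headers([("Content-Type", "application/octet-stream"),
                          ("Content-Disposition", content_disposition(UPLOAD_NAME, sanitize))],
                         sanitize)
    return parse_message(raw)

if __name__ == "__main__":
    print(mail_demo(False), mail_demo(True))   # Bcc injected vs. gone
    print(http_demo(False))                    # Set-Cookie injected, script body
    print(http_demo(True))                     # two headers, empty body
```

Stripping at the point where the value is placed into a header (rather than at input time) is what makes the fix hold regardless of which form, upload path or stored value the data came from.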
Unintentionally logging credit card transactions
Solar Designer of the Openwall Project reported a security vulnerability in the contributed authorizenet module which is part of the ecommerce package. Credit card information was being stored in a system log file. The system should not be saving this information. Versions affected Please check t...
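The right fix for this advisory is not to log the card data at all, but a site that has to keep payment modules it did not write benefits from a last line of defence in the logging layer: mask anything that looks like a primary account number before it is written. The code below is an added example for this listing, not part of the authorizenet or ecommerce modules; the log line is constructed and uses a well-known test card number.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or dashes as on a
# card face or in a form field. Deliberately broad; the Luhn check below
# decides what actually gets masked.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum as used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def redact_pans(text: str) -> str:
    """Mask card-number-shaped runs that pass Luhn, keeping the last four digits
    (enough to reconcile a transaction, not enough to charge with)."""
    def mask(match: re.Match) -> str:
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if not luhn_ok(digits):
            return raw                 # an order id or similar; leave it readable
        return "*" * (len(digits) - 4) + digits[-4:]
    return CARD_RE.sub(mask, text)

def write_log(sink: list, message: str) -> str:
    """Log sink wrapper: every line is redacted before it is stored."""
    line = redact_pans(message)
    sink.append(line)
    return line

if __name__ == "__main__":
    log = []
    # Constructed line in the shape the advisory describes: card data in a system log.
    write_log(log, "authorizenet: charge ok card=4111 1111 1111 1111 exp=12/26 order=1234567890123456")
    print(log[0])
```

Treat the regex as a net, not a guarantee: it will not catch a number split across lines or interleaved with other characters, so it complements, and does not replace, removing the offending log statement from the module.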
SQL injection and PHP code execution
Wolfgang Ziegler has discovered multiple security vulnerabilities in the contributed flexinode module. Versions affected Please check the CVS $Id$ fields in the following files to determine whether the version of the flexinode module you are running is vulnerable. All versions older than the...