VuXML ID | Description |
2adc3e78-22d1-11e2-b9f0-d0df9acfd7e5 | drupal7 -- multiple vulnerabilities
Drupal Security Team reports:
- Arbitrary PHP code execution
A bug in the installer code was identified that allows an attacker
to re-install Drupal using an external database server under certain
transient conditions. This could allow the attacker to execute
arbitrary PHP code on the original server.
- Information disclosure - OpenID module
For sites using the core OpenID module, an information disclosure
vulnerability was identified that allows an attacker to read files
on the local filesystem by attempting to log in to the site using a
malicious OpenID server.
Discovery 2012-10-17
Entry 2012-10-31
drupal7 < 7.16
http://drupal.org/node/1815912
|
d9649816-5e0d-11e3-8d23-3c970e169bc2 | drupal -- multiple vulnerabilities
Drupal Security Team reports:
Multiple vulnerabilities were fixed in the supported Drupal
core versions 6 and 7.
- Multiple vulnerabilities due to optimistic cross-site
request forgery protection (Form API validation - Drupal 6
and 7)
- Multiple vulnerabilities due to weakness in pseudorandom
number generation using mt_rand() (Form API, OpenID and
random password generation - Drupal 6 and 7)
- Code execution prevention (Files directory .htaccess for
Apache - Drupal 6 and 7)
- Access bypass (Security token validation - Drupal 6 and 7)
- Cross-site scripting (Image module - Drupal 7)
- Cross-site scripting (Color module - Drupal 7)
- Open redirect (Overlay module - Drupal 7)
Discovery 2013-11-20
Entry 2013-12-06
drupal6 < 6.29
drupal7 < 7.24
https://drupal.org/SA-CORE-2013-003
|
1827f213-633e-11e2-8d93-c8600054b392 | drupal -- multiple vulnerabilities
Drupal Security Team reports:
- Cross-site scripting (Various core and contributed modules)
- Access bypass (Book module printer friendly version)
- Access bypass (Image module)
Discovery 2013-01-16
Entry 2013-01-20
drupal6 < 6.28
drupal7 < 7.19
https://drupal.org/SA-CORE-2013-001
|
a4d71e4c-7bf4-11e2-84cd-d43d7e0c7c02 | drupal7 -- Denial of service
Drupal Security Team reports:
Drupal core's Image module allows for the on-demand generation
of image derivatives. This capability can be abused by requesting
a large number of new derivatives which can fill up the server disk
space, and which can cause a very high CPU load. Either of these
effects may lead to the site becoming unavailable or unresponsive.
Discovery 2013-02-20
Entry 2013-02-21
drupal7 < 7.19
CVE-2013-0316
https://drupal.org/SA-CORE-2013-002
|