VuXML ID | Description |
c905298c-2274-11db-896e-000ae42e9b93 | drupal -- XSS vulnerability
The Drupal project reports:
A malicious user can execute a cross site scripting attack
by enticing someone to visit a Drupal site via a specially
crafted link.
Discovery 2006-08-02 Entry 2006-08-02 Modified 2006-08-08 drupal
< 4.6.9
http://drupal.org/files/sa-2006-011/advisory.txt
|
b2383758-5f15-11db-ae08-0008743bf21a | drupal -- multiple XSS vulnerabilities
The Drupal Team reports:
A bug in input validation and lack of output validation
allows HTML and script insertion on several pages.
Drupal's XML parser passes unescaped data to watchdog
under certain circumstances. A malicious user may execute
an XSS attack via a specially crafted RSS feed. This
vulnerability exists on systems that do not use PHP's
mb_string extension (to check if mb_string is being used,
navigate to admin/settings and look under "String
handling"). Disabling the aggregator module provides an
immediate workaround.
The aggregator module, profile module, and forum module do
not properly escape output of certain fields.
Note: XSS attacks may lead to administrator access if
certain conditions are met.
Discovery 2006-10-18 Entry 2006-10-18 drupal
< 4.6.10
http://drupal.org/files/sa-2006-024/advisory.txt
http://drupal.org/drupal-4.7.4
|
6da7344b-128a-11db-b25f-00e00c69a70d | drupal -- multiple vulnerabilities
The Drupal team reports:
Vulnerability: XSS Vulnerability in taxonomy module
It is possible for a malicious user to insert and execute
XSS into terms, due to lack of validation on output of the
page title. The fix wraps the display of terms in
check_plain().
Discovery 2006-05-18 Entry 2006-07-13 Modified 2006-07-14 drupal
< 4.6.8
CVE-2006-2833
http://drupal.org/node/66767
|
937d5911-5f16-11db-ae08-0008743bf21a | drupal -- cross site request forgeries
The Drupal Team reports:
Visiting a specially crafted page, anywhere on the web, may
allow that page to post forms to a Drupal site in the
context of the visitor's session. To illustrate; suppose
one has an active user 1 session, the most powerful
administrator account for a site, to a Drupal site while
visiting a website created by an attacker. This website
will now be able to submit any form to the Drupal site with
the privileges of user 1, either by enticing the user to
submit a form or by automated means.
An attacker can exploit this vulnerability by changing
passwords, posting PHP code or creating new users, for
example. The attack is only limited by the privileges of
the session it executes in.
Discovery 2006-10-18 Entry 2006-10-18 drupal
< 4.6.10
http://drupal.org/files/sa-2006-025/advisory.txt
http://drupal.org/drupal-4.7.4
|
19207592-5f17-11db-ae08-0008743bf21a | drupal -- HTML attribute injection
The Drupal Team reports:
A malicious user may entice users to visit a specially
crafted URL that may result in the redirection of Drupal
form submission to a third-party site. A user visiting the
user registration page via such a url, for example, will
submit all data, such as his/her e-mail address, but also
possible private profile data, to a third-party site.
Discovery 2006-10-18 Entry 2006-10-18 drupal
< 4.6.10
http://drupal.org/files/sa-2006-026/advisory.txt
http://drupal.org/drupal-4.7.4
|
40a0185f-ec32-11da-be02-000c6ec775d9 | drupal -- multiple vulnerabilities
The Drupal team reports:
Vulnerability: SQL injection
A security vulnerability in the database layer allowed
certain queries to be submitted to the database without
going through Drupal's query sanitizer.
Vulnerability: Execution of arbitrary files
Certain -- alas, typical -- configurations of Apache
allows execution of carefully named arbitrary scripts in
the files directory. Drupal now will attempt to
automatically create a .htaccess file in your "files"
directory to protect you.
Discovery 2006-05-18 Entry 2006-06-05 drupal
< 4.6.7
CVE-2006-2742
CVE-2006-2743
http://drupal.org/node/65357
http://drupal.org/node/65409
|
3d8d3548-9d02-11db-a541-000ae42e9b93 | drupal -- multiple vulnerabilities
The Drupal security team reports:
A few arguments passed via URLs are not properly sanitized
before display. When an attacker is able to entice an
administrator to follow a specially crafted link, arbitrary
HTML and script code can be injected and executed in the
victim's session. Such an attack may lead to administrator
access if certain conditions are met.
The way page caching was implemented allows a denial of
service attack. An attacker has to have the ability to post
content on the site. He or she would then be able to poison
the page cache, so that it returns cached 404 page not found
errors for existing pages.
If the page cache is not enabled, your site is not vulnerable.
The vulnerability only affects sites running on top of MySQL.
Discovery 2007-01-05 Entry 2007-01-05 Modified 2010-05-12 drupal
gt 4.7 lt 4.7.5
< 4.6.11
CVE-2007-0136
http://drupal.org/files/sa-2007-001/advisory.txt
http://drupal.org/files/sa-2007-002/advisory.txt
|