The Drupal Autosave module versions 6.x and 7.x suffer from a cross site request forgery vulnerability.
The Fancy Slide module in Drupal 6.x suffers from a cross site scripting vulnerability.
CKEditor and FCKeditor modules in Drupal versions 6.x and 7.x suffer from PHP code execution, cross site request forgery, and cross site scripting vulnerabilities.
The Language Icons module in Drupal versions 6.x and 7.x suffers from a cross site scripting vulnerability.
The Views Language Switcher in Drupal version 7.x suffers from a cross site scripting vulnerability.
The Drupal Slidebox module version 7.x suffers from an access bypass vulnerability.
Various Drupal modules such as Content Lock, Ubercart Bulk Stock Updater, Ubercart Payflow Link, ticketyboo News Ticker, Admin tools, and Redirecting click bouncer suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
The Drupal Webform module versions 6.x and 7.x suffer from a cross site scripting vulnerability.
The Drupal Note Recommendation module version 6.x suffers from a cross site scripting vulnerability.
The Read More Link module version 6.x in Drupal allows you to move the "Read more" link from the node's links area to the end of the teaser text. A user could inject JavaScript into pages affecting other site users. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access administration pages".
The Drupal block class module allows users to add classes to any block through the block's configuration interface. The class names in a block were not properly filtered. Someone with the ability to modify or create blocks could inject JavaScript that would be rendered when viewing the block. Blockclass versions prior to 7.x-1.0 are affected.
UC PayDutchGroup / WeDeal payment integrates the PayDutchGroup / WeDeal payment gateway with Ubercart. The module exposes account credentials for the store's PayDutchGroup account under certain circumstances, allowing a malicious user to log in to the PayDutchGroup site as the store owner and manage the store owner's account. The vulnerability is mitigated by an attacker needing to gain an account with the ability to check out of the store. Multisite Search allows you to index and search content from all sites in a Multisite configuration. The module doesn't sufficiently escape user input when constructing queries. The vulnerability is mitigated by the fact that, in order to execute arbitrary SQL injection, malicious users must have the ability to administer multisite search.
The Drupal Data module 6.x-1.x versions prior to 6.x-1.0 suffer from a cross site scripting vulnerability.
Taxonomy Views Integrator version 6.x suffers from a cross site scripting vulnerability.
Hierarchical Select version 6.x suffers from a cross site scripting vulnerability.
Submenu Tree version 6.x suffers from a cross site scripting vulnerability.
ZipCart version 6.x suffers from an access bypass vulnerability.
Cool Aid version 6.x suffers from access bypass and cross site scripting vulnerabilities.
MediaFront versions 6.x / 7.x suffer from a cross site scripting vulnerability.
Drupal version 7.0 suffers from a remote command execution vulnerability.
Drupal versions 6.20 and below suffer from broken anti-automation and path disclosure vulnerabilities.
This is a proof of concept to demonstrate a logic security flaw in the way Drupal CAPTCHA is used to protect login forms from brute force. If the CAPTCHA challenge is solved, the next login attempts can be issued without solving any new CAPTCHA challenge.
Small write-up regarding a cross site scripting vulnerability on Drupal version 5.15 being used for a password change attack. Attack script included.
Drupal CMS version 6.9 suffers from a local file inclusion vulnerability.
Drupal CMS fails to set the secure flag in the session cookie, allowing for session hijacking.
Drupal versions 5.2 and below PHP Zend Hash vulnerability exploitation vector.