The Drupal Autosave module versions 6.x and 7.x suffer from a cross site request forgery vulnerability.
a5010955517768867cfa38f156ec8127f1676c81935ed688afd452e6df38d04eDrupal security advisory - Drupal versions 4.7.x before version 4.7.7 and 5.x versions before version 5.2 suffer from cross site scripting vulnerabilities.
41a5f374d5205819d26273f6854b9a4c964586d0a41ed65fd13b71eb76688a3dDrupal security advisory - Several parts in Drupal core are not protected against cross site request forgeries due to improper use of the Forms API, or by taking action solely on GET requests. Malicious users are able to delete comments and content revisions and disable menu items by enticing a privileged users to visit certain URLs while the victim is logged-in to the targeted site. Drupal versions 5.x below 5.2 are affected.
46f0c7caa6742d83818685617d68d77ee84321da3ab65a8147df22b8fc719a1dDrupal security advisory - Previews on comments were not passed through normal form validation routines, enabling users with the 'post comments' permission and access to more than one input filter to execute arbitrary code. Affected include Drupal 4.7.x versions before Drupal 4.7.6 and Drupal 5.x versions before Drupal 5.1.
2e86ad7cf732e48c2e546b4432795c4809c57b8a13758652be4bc9714527a906Drupal security advisory - The way page caching was implemented allows a denial of service attack. An attacker has to have the ability to post content on the site. He or she would then be able to poison the page cache, so that it returns cached 404 page not found errors for existing pages. If the page cache is not enabled, your site is not vulnerable. The vulnerability only affects sites running on top of MySQL.
586514a30d2638ed99461f42690efaf3b811a03e2eafffba2aa3d38eb5218f2eDrupal security advisory - A few arguments passed via URLs are not properly sanitized before display. When an attacker is able to entice an administrator to follow a specially crafted link, arbitrary HTML and script code can be injected and executed in the victim's session. Such an attack may lead to administrator access if certain conditions are met.
d4f4f67373a26f8122e427f493188ae9edcd921450b63a220e9b9cedb0051f07Drupal security advisory - DRUPAL-SA-2006-024: Multiple XSS (cross site scripting) vulnerabilities have been discovered.
1aa675f91c66e69c739dbfa33817a0d04e6526d3a5f2b4c2b15192944ad977b4Drupal security advisory DRUPAL-SA-2006-025: Visiting a specially crafted page, anywhere on the web, may allow that page to post forms to a Drupal site in the context of the visitor's session. To illustrate; suppose one has an active user 1 session, the most powerful administrator account for a site, to a Drupal site while visiting a website created by an attacker. This website will now be able to submit any form to the Drupal site with the privileges of user 1, either by enticing the user to submit a form or by automated means. An attacker can exploit this vulnerability by changing passwords, posting PHP code or creating new users, for example. The attack is only limited by the privileges of the session it executes in.
c2eab01fab47cd53866e412e9c040859163e8d5a1dfd064f8742b495b323b50aDrupal security advisory DRUPAL-SA-2006-026: A malicious user may entice users to visit a specially crafted URL that may result in the redirection of Drupal form submission to a third-party site. A user visiting the user registration page via such a url, for example, will submit all data, such as his/her e-mail address, but also possible private profile data, to a third-party site.
aac4a667546b92b6c6ad5f65a8adf2bf591fd7078837743847a284bbb2d5ba58Drupal security advisory DRUPAL-SA-2006-011: A malicious user can execute a cross site scripting attack by enticing someone to visit a Drupal site via a specially crafted link. Versions 4.6 and 4.7 are affected.
729acaa041bbcefdff3132971b083758ab50c3e1077bfab8676740ab791d7a63Drupal security advisory DRUPAL-SA-2006-005: A security vulnerability in the database layer allowed certain queries to be submitted to the database without going through Drupal's query sanitizer.
19af6d2e9e201f9bae66069a24d63bb1936da2526fa2a043cf13cfa495353f27Drupal security advisory DRUPAL-SA-2006-008: Bart Jansens reported that it is possible for a malicious user to insert and execute XSS into free tagging terms, due to lack of validation on output of the page title. The fix wraps the display of terms in check_plain().
b0584638f5b9adbb1149a2a0377ce9f140df6fe298f84e5f8c229862801bc629Drupal security advisory DRUPAL-SA-2006-007: Recently, the Drupal security team was informed of a potential exploit that would allow untrusted code to be executed upon a successful request by a malicious user. If a dynamic script with multiple extensions such as file.php.pps or file.sh.txt is uploaded and then accessed from a web browser under certain common Apache configurations, it will cause the script inside to be executed. We deemed this exploit critical and released Drupal 4.6.7 and 4.7.1 six hours after the report was filed. The fix was to create a .htaccess file to remove all dynamic script handlers, such as PHP, from the "files" directory.
80255e976ff4dd047478820972ff5b573191bdf31f9141104f3845d0753acd3bDrupal security advisory DRUPAL-SA-2006-006: Certain -- alas, typical -- configurations of Apache allow execution of carefully named arbitrary scripts in the files directory. Drupal now will attempt to automatically create a .htaccess file in your "files" directory to protect you.
912163027c6bb36941cf7da0ba234a074978f1fa7d6a9468b1006f98299d31b5Drupal versions less than or equal to 4.7 attachment mod_mime poc exploit.
2fc9ce589c58c2041d52ea76aaaa377ba30c8a82eb2bd371b292b091cd014bf1Drupal security advisory - Linefeeds and carriage returns were not being stripped from email headers, raising the possibility of bogus headers being inserted into outgoing email. This could lead to Drupal sites being used to send unwanted email.
1593c14061e40cbca8c0485ff8815eba5d4b704873ddee25db55fc17670c175fDrupal security advisory - If someone creates a clever enough URL and convinces you to click on it, and you later log in but you do not log off then the attacker may be able to impersonate you.
26113c5ba32f52f8db7685785893b4a4abc1f3d1aa53eeca7cd3a86b2f451d71Drupal security advisory - Some user input sanity checking was missing. This could lead to possible cross-site scripting (XSS) attacks.
22f936336daa931de712205477052d81713d84109b43fdabb0f8356a104eef4dDrupal security advisory - If you use menu.module to create a menu item, the page you point to will be accessible to all, even if it is an admin page.
f20adb72ea5aba1fdfa5c3383930de33cb89aed2f989f96dda0a5fe814bf3ee3Drupal versions 4.6.0 through 4.6.3 suffer from an authentication bypass flaw when using PHP5.
7a3173d83565d75a35fe66ad58972f59aa52440ff343ed08cf689d5678f0cbb5Drupal versions 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 suffer a script injection flaw via attached files.
35ec66097d4c6335e28d0d8461f7643c24bda8158fd7cf7483a3784f08d8f0d4Drupal versions 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 suffer from cross site scripting flaws due to various quirks in interpretation of non-sensical attribute values.
38da2e32558d5e0702a8afa7f1fe5a808d08bed9886b36688f6b45d007ac9ff7Stefan Esser of the Hardened-PHP Project reported a serious vulnerability in the third-party XML-RPC library included with some Drupal versions. An attacker could execute arbitrary PHP code on a target site.
f1693245942b10512ab9dd01ee950c7b7ead43979f7b2d80448b9875aa3599a3A flaw has been discovered in the third-party XML-RPC library included with Drupal. An attacker could execute arbitrary PHP code on a target site.
c23af80afccc28c6e386c2d9c57c08cb7dcd67c51b1bdbfd76ab901c28db1291Kuba Zygmunt discovered a flaw in the input validation routines of Drupal's filter mechanism. An attacker could execute arbitrary PHP code on a target site when public comments or postings are allowed.
3cde9b7af7d34c526f434457021465af93437a68f76031f5ab71ab278732d190The Drupal Security Team has found that the privilege system of Drupal can be circumvented in a very special case because an input check is not implemented properly.
f0dbedb768968931ebac535ca37bc4a6e5fc685740db2480bbd31599b8709b22
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed