| VuXML ID | Description |
|---|
| 19207592-5f17-11db-ae08-0008743bf21a | drupal -- HTML attribute injection
The Drupal Team reports:
A malicious user may entice users to visit a specially
crafted URL that may result in the redirection of Drupal
form submission to a third-party site. A user visiting the
user registration page via such a url, for example, will
submit all data, such as his/her e-mail address, but also
possible private profile data, to a third-party site.
Discovery 2006-10-18
Entry 2006-10-18
drupal
< 4.6.10
http://drupal.org/files/sa-2006-026/advisory.txt
http://drupal.org/drupal-4.7.4
|
| 3d8d3548-9d02-11db-a541-000ae42e9b93 | drupal -- multiple vulnerabilities
The Drupal security team reports:
A few arguments passed via URLs are not properly sanitized
before display. When an attacker is able to entice an
administrator to follow a specially crafted link, arbitrary
HTML and script code can be injected and executed in the
victim's session. Such an attack may lead to administrator
access if certain conditions are met.
The way page caching was implemented allows a denial of
service attack. An attacker has to have the ability to post
content on the site. He or she would then be able to poison
the page cache, so that it returns cached 404 page not found
errors for existing pages.
If the page cache is not enabled, your site is not vulnerable.
The vulnerability only affects sites running on top of MySQL.
Discovery 2007-01-05
Entry 2007-01-05
Modified 2010-05-12
drupal
gt 4.7 lt 4.7.5
< 4.6.11
CVE-2007-0136
http://drupal.org/files/sa-2007-001/advisory.txt
http://drupal.org/files/sa-2007-002/advisory.txt
|
| 40a0185f-ec32-11da-be02-000c6ec775d9 | drupal -- multiple vulnerabilities
The Drupal team reports:
Vulnerability: SQL injection
A security vulnerability in the database layer allowed
certain queries to be submitted to the database without
going through Drupal's query sanitizer.
Vulnerability: Execution of arbitrary files
Certain -- alas, typical -- configurations of Apache
allows execution of carefully named arbitrary scripts in
the files directory. Drupal now will attempt to
automatically create a .htaccess file in your "files"
directory to protect you.
Discovery 2006-05-18
Entry 2006-06-05
drupal
< 4.6.7
CVE-2006-2742
CVE-2006-2743
http://drupal.org/node/65357
http://drupal.org/node/65409
|
| 6779e82f-b60b-11da-913d-000ae42e9b93 | drupal -- multiple vulnerabilities
Drupal reports:
Mail header injection vulnerability.
Linefeeds and carriage returns were not being stripped from
email headers, raising the possibility of bogus headers
being inserted into outgoing email.
This could lead to Drupal sites being used to send unwanted
email.
Session fixation vulnerability.
If someone creates a clever enough URL and convinces you to
click on it, and you later log in but you do not log off
then the attacker may be able to impersonate you.
XSS vulnerabilities.
Some user input sanity checking was missing. This could
lead to possible cross-site scripting (XSS) attacks.
XSS can lead to user tracking and theft of accounts and
services.
Security bypass in menu.module.
If you use menu.module to create a menu item, the page you
point to will be accessible to all, even if it is an admin
page.
Discovery 2006-03-13
Entry 2006-03-17
drupal
< 3.6.6
http://drupal.org/node/53806
http://drupal.org/node/53805
http://drupal.org/node/53803
http://drupal.org/node/53796
|
| 6da7344b-128a-11db-b25f-00e00c69a70d | drupal -- multiple vulnerabilities
The Drupal team reports:
Vulnerability: XSS Vulnerability in taxonomy module
It is possible for a malicious user to insert and execute
XSS into terms, due to lack of validation on output of the
page title. The fix wraps the display of terms in
check_plain().
Discovery 2006-05-18
Entry 2006-07-13
Modified 2006-07-14
drupal
< 4.6.8
CVE-2006-2833
http://drupal.org/node/66767
|
| 937d5911-5f16-11db-ae08-0008743bf21a | drupal -- cross site request forgeries
The Drupal Team reports:
Visiting a specially crafted page, anywhere on the web, may
allow that page to post forms to a Drupal site in the
context of the visitor's session. To illustrate; suppose
one has an active user 1 session, the most powerful
administrator account for a site, to a Drupal site while
visiting a website created by an attacker. This website
will now be able to submit any form to the Drupal site with
the privileges of user 1, either by enticing the user to
submit a form or by automated means.
An attacker can exploit this vulnerability by changing
passwords, posting PHP code or creating new users, for
example. The attack is only limited by the privileges of
the session it executes in.
Discovery 2006-10-18
Entry 2006-10-18
drupal
< 4.6.10
http://drupal.org/files/sa-2006-025/advisory.txt
http://drupal.org/drupal-4.7.4
|
| b2383758-5f15-11db-ae08-0008743bf21a | drupal -- multiple XSS vulnerabilities
The Drupal Team reports:
A bug in input validation and lack of output validation
allows HTML and script insertion on several pages.
Drupal's XML parser passes unescaped data to watchdog
under certain circumstances. A malicious user may execute
an XSS attack via a specially crafted RSS feed. This
vulnerability exists on systems that do not use PHP's
mb_string extension (to check if mb_string is being used,
navigate to admin/settings and look under "String
handling"). Disabling the aggregator module provides an
immediate workaround.
The aggregator module, profile module, and forum module do
not properly escape output of certain fields.
Note: XSS attacks may lead to administrator access if
certain conditions are met.
Discovery 2006-10-18
Entry 2006-10-18
drupal
< 4.6.10
http://drupal.org/files/sa-2006-024/advisory.txt
http://drupal.org/drupal-4.7.4
|
| c905298c-2274-11db-896e-000ae42e9b93 | drupal -- XSS vulnerability
The Drupal project reports:
A malicious user can execute a cross site scripting attack
by enticing someone to visit a Drupal site via a specially
crafted link.
Discovery 2006-08-02
Entry 2006-08-02
Modified 2006-08-08
drupal
< 4.6.9
http://drupal.org/files/sa-2006-011/advisory.txt
|
| e65ad1bf-0d8b-11da-90d0-00304823c0d3 | pear-XML_RPC -- remote PHP code injection vulnerability
A Hardened-PHP Project Security Advisory reports:
When the library parses XMLRPC requests/responses, it constructs
a string of PHP code, that is later evaluated. This means any
failure to properly handle the construction of this string can
result in arbitrary execution of PHP code.
This new injection vulnerability is cause by not properly
handling the situation, when certain XML tags are nested
in the parsed document, that were never meant to be nested
at all. This can be easily exploited in a way, that
user-input is placed outside of string delimiters within
the evaluation string, which obviously results in
arbitrary code execution.
Note that several applications contains an embedded version
on XML_RPC, therefor making them the vulnerable to the same
code injection vulnerability.
Discovery 2005-08-15
Entry 2005-08-15
Modified 2005-09-04
pear-XML_RPC
< 1.4.0
phpmyfaq
< 1.4.11
drupal
< 4.6.3
eGroupWare
< 1.0.0.009
phpAdsNew
< 2.0.5
phpgroupware
< 0.9.16.007
b2evolution
< 0.9.0.12_2
CVE-2005-2498
http://b2evolution.net/news/2005/08/31/fix_for_xml_rpc_vulnerability_again_1
http://downloads.phpgroupware.org/changelog
http://drupal.org/files/sa-2005-004/advisory.txt
http://phpadsnew.com/two/nucleus/index.php?itemid=45
http://sourceforge.net/project/shownotes.php?release_id=349626
http://www.hardened-php.net/advisory_142005.66.html
http://www.hardened-php.net/advisory_152005.67.html
http://www.phpmyfaq.de/advisory_2005-08-15.php
|
| f241641e-f5ea-11d9-a6db-000d608ed240 | drupal -- PHP code execution vulnerabilities
Kuba Zygmunt discovered a flaw in the input validation routines
of Drupal's filter mechanism. An attacker could execute
arbitrary PHP code on a target site when public comments or
postings are allowed.
Discovery 2005-06-29
Entry 2005-07-16
drupal
< 4.6.2
CVE-2005-1921
CVE-2005-2106
http://drupal.org/files/sa-2005-002/advisory.txt
|
| faca0843-6281-11da-8630-00123ffe8333 | drupal -- multiple vulnerabilities
Secunia reports:
Some vulnerabilities have been reported in Drupal,
which can be exploited by malicious people to bypass
certain security restrictions, and conduct script
insertion and HTTP response splitting attacks.
1) An input validation error in the filtering of
HTML code can be exploited to inject arbitrary
JavaScript code in submitted content, which will be
executed in a user's browser session in context of
an affected site when the malicious user data is
viewed.
Successful exploitation requires that the user has
access to the full HTML input format.
Ref: sa-2005-007
2) An input validation error in the attachment
handling can be exploited to upload a malicious
image with embedded HTML and script content, which
will be executed in a user's browser session in
context of an affected site when viewed directly with
the Microsoft Internet Explorer browser.
This can also be exploited to inject arbitrary HTTP
headers, which will be included in the response sent
to the user.
Ref: sa-2005-008
3) The problem is that it is possible to bypass the
"access user profile" permission. However, this cannot
be exploited to modify data.
Successful exploitation requires that the server runs
PHP 5.
Ref: sa-2005-009
Discovery 2005-12-01
Entry 2005-12-01
drupal
< 4.6.4
http://drupal.org/files/sa-2005-007/advisory.txt
http://drupal.org/files/sa-2005-008/advisory.txt
http://drupal.org/files/sa-2005-009/advisory.txt
http://secunia.com/advisories/17824/
|