aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorerwin <erwin@FreeBSD.org>2005-07-16 19:29:43 +0800
committererwin <erwin@FreeBSD.org>2005-07-16 19:29:43 +0800
commit369fc864f57d097b5c38f294a998c1c91993663a (patch)
tree7419dc7db6bcf1f3aa9713a8aa917b62d9c5b046
parente877ae13b9864bfa4d56428583311668726874ca (diff)
downloadfreebsd-ports-gnome-369fc864f57d097b5c38f294a998c1c91993663a.tar.gz
freebsd-ports-gnome-369fc864f57d097b5c38f294a998c1c91993663a.tar.zst
freebsd-ports-gnome-369fc864f57d097b5c38f294a998c1c91993663a.zip
Add an entry for the drupal vulnerabilities.
Diffstat
-rw-r--r--security/vuxml/vuln.xml27
1 files changed, 27 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index b8630133e335..5eeec61b7637 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,33 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="f241641e-f5ea-11d9-a6db-000d608ed240">
+ <topic>Drupal -- PHP code execution vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>drupal</name>
+ <range><lt>4.6.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Kuba Zygmunt discovered a flaw in the input validation routines
+ of Drupal's filter mechanism. An attacker could execute
+ arbitrary PHP code on a target site when public comments or
+ postings are allowed.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2005-1921</cvename>
+ <cvename>CAN-2005-2106</cvename>
+ <url>http://drupal.org/files/sa-2005-002/advisory.txt</url>
+ </references>
+ <dates>
+ <discovery>2005-06-29</discovery>
+ <entry>2005-07-16</entry>
+ </dates>
+ </vuln>
+
<vuln vid="50457509-d05e-11d9-9aed-000e0c2e438a">
<topic>phpSysInfo -- cross site scripting vulnerability</topic>
<affects>
generated by cgit (git 2.34.1) at 2024-12-19 18:34:01 +0800