diff options
-rw-r--r-- | security/vuxml/vuln.xml | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index f8d5dad43956..bb56c1d0f39a 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,90 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="9c00d446-8208-11dc-9283-0016179b2dd5"> + <topic>drupal --- multiple vulnerabilities</topic> + <affects> + <package> + <name>drupal4</name> + <range><lt>4.7.8</lt></range> + </package> + <package> + <name>drupal5</name> + <range><lt>5.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Drupal Project reports:</p> + <blockquote cite="http://drupal.org/node/184315"> + <p>In some circumstances Drupal allows user-supplied data to + become part of response headers. As this user-supplied data + is not always properly escaped, this can be exploited by + malicious users to execute HTTP response splitting attacks + which may lead to a variety of issues, among them cache + poisoning, cross-user defacement and injection of arbitrary + code.</p> + </blockquote> + <blockquote cite="http://drupal.org/node/184316"> + <p>The Drupal installer allows any visitor to provide credentials + for a database when the site's own database is not reachable. This + allows attackers to run arbitrary code on the site's server. + An immediate workaround is the removal of the file install.php + in the Drupal root directory.</p> + </blockquote> + <blockquote cite="http://drupal.org/node/184320"> + <p>The allowed extension list of the core Upload module contains + the extension HTML by default. Such files can be used to execute + arbitrary script code in the context of the affected site when a + user views the file. Revoking upload permissions or removing the + .html extension from the allowed extension list will stop uploads + of malicious files. but will do nothing to protect your site + againstfiles that are already present. Carefully inspect the file + system path for any HTML files. We recommend you remove any HTML + file you did not update yourself. You should look for , CSS + includes, Javascript includes, and onerror="" attributes if + you need to review files individually.</p> + </blockquote> + <blockquote cite="http://drupal.org/node/184348"> + <p>The Drupal Forms API protects against cross site request + forgeries (CSRF), where a malicous site can cause a user + to unintentionally submit a form to a site where he is + authenticated. The user deletion form does not follow the + standard Forms API submission model and is therefore not + protected against this type of attack. A CSRF attack may + result in the deletion of users.</p> + </blockquote> + <blockquote cite="http://drupal.org/node/184354"> + <p>The publication status of comments is not passed during the + hook_comments API operation, causing various modules that rely + on the publication status (such as Organic groups, or Subscriptions) + to mail out unpublished comments.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2007-5597</cvename> + <cvename>CVE-2007-5596</cvename> + <cvename>CVE-2007-5595</cvename> + <cvename>CVE-2007-5594</cvename> + <cvename>CVE-2007-5593</cvename> + <url>http://drupal.org/node/184315</url> + <url>http://drupal.org/node/184316</url> + <url>http://drupal.org/node/184348</url> + <url>http://drupal.org/node/184354</url> + <url>http://drupal.org/node/184320</url> + <url>http://secunia.com/advisories/27292</url> + <url>http://secunia.com/advisories/27292</url> + <url>http://secunia.com/advisories/27292</url> + <url>http://secunia.com/advisories/27290</url> + <url>http://secunia.com/advisories/27290</url> + </references> + <dates> + <discovery>2007-10-17</discovery> + <entry>2007-10-24</entry> + </dates> + </vuln> + <vuln vid="3a81017a-8154-11dc-9283-0016179b2dd5"> <topic>ldapscripts -- Command Line User Credentials Disclosure</topic> <affects> |