Form_mail module allows arbitrary header injection

By chx on
  • Advisory ID: DRUPAL-SA-2006-009
  • Project: form_mail
  • Date: 2006-Jul-4
  • Security risk: moderately critical
  • Impact: security bypass
  • Exploitable from: remote
  • Vulnerability: mail header injection attack

XSS vulnerability in project module

By dries on
  • Project: project module (contributed module)
  • Security risk: less critical
  • Impact: project module
  • Where: from remote
  • Vulnerability: malicious HTML execution and XSS attacks

Unintentionally logging credit card transactions

By chx on
  • Advisory ID: DRUPAL-SA-2005-006
  • Project: ecommerce
  • Date: 2005-Oct-30
  • Security risk: critical
  • Impact: authorize_net module, which is a part of the ecommerce package
  • Exploitable from: local
  • Vulnerability: System is unintentionally logging credit card transactions, including card numbers.

SQL injection and PHP code execution

By chx on
  • Advisory ID: DRUPAL-SA-2005-005
  • Project: flexinode
  • Date: 2005-Oct-03
  • Security risk: highly critical
  • Impact: flexinode module
  • Exploitable from: remote
  • Vulnerability: SQL injection and PHP execution by bypassing input format check

Pages

Subscribe with RSS Subscribe to RSS - Deprecated - Security advisories for contributed projects