Articles in drupal

  1. Drupal 6 Actions, Triggers (Core) Module XSS Vulnerability - The Drupal core modules actions and triggers manifest a cross site scripting (XSS) vulnerability because they fail to sanitize user supplied input rendered in display.
  2. Drupal Organic Groups Menu Module 6.x-2.0 XSS Vulnerability - The Drupal OG Menu module contains a cross site scripting (XSS) vulnerability due to the fact that it fails to sanitize menu descriptions before display.
  3. Drupal Views Module Information Disclosure Vulnerability - The Drupal Views module contains an information disclosure vulnerability due to the fact that it allows access to user profile data.
  4. Monitoring Drupal with OSSEC - It is possible to monitor your Drupal site using OSSEC, the open source host based intrusion detection system, by implementing a custom decoder and a few simple rules.
  5. Drupal FileField 6.x-3.3 XSS Vulnerability - The Drupal FileField module contains a cross site scripting (XSS) vulnerability due to the fact that it fails to sanitize image filenames before display.
  6. Drupal Global Redirect 6.x-1.2 Arbitrary Redirection - Global Redirect does not perform adequate input checking allowing for arbitrary redirect.
  7. Drupal Panels 6.x-3.3 Module XSS - Drupal Panels module 6.x-3.3 cross site scripting vulnerability.
  8. Drupal Ctools 6.x-1.3 Multiple Vulnerabilities - Drupal Ctools module version 6.x-1.3 contains multiple vulnerabilities, including arbitrary PHP execution, access bypass, and cross site request forgery.
  9. Drupal Context Module XSS - The Context module contains a cross site scripting (XSS) vulnerability because it fails to sanitize block descriptions before display.
  10. Drupal Better Formats 6.x-1.2 XSS Vulnerability - Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal Better Formats module (http://drupal.org/project/better_formats) contains a cross site scripting (XSS) vulnerability due to the fact that it fails
  11. Auditing Drupal Modules for XSRF Vulnerabilities - Cross site request forgery (CSRF (pronounced sea-surf) or XSRF) is a trust exploitation that shares many similarities with cross site scripting (XSS).
  12. Using Drupal XML-RPC to Bypass Authentication Failure Detection - Drupal provides robust, and largely ignored, XML remote procedure call (RPC) functionality. This functionality is available through the xmlrpc.php file that is available at the Drupal root in any installation. Any module can provide a hook into the XMLR
  13. Drupal Zen Theme 6.x-1.1 XSS Vulnerability - Drupal is a robust content management system (CMS) written in PHP and MySQL that provides custom look and feel functionality with themes. The popular Zen theme contains a cross site scripting vulnerability due to the fact that it fails to properly saniti
  14. Auditing Drupal Modules for XSS Vulnerabilities - Finding cross site scripting vulnerabilities in Drupal modules.
  15. Drupal 6 Profile (core) Module XSS Vulnerability - Drupal 6 contains a cross site scripting (XSS) vulnerability in the Profile module.
  16. Securing Drupal User Accounts - Securing a default Drupal installation takes some work and forethought. Drupal's native functionality creates a number of vulnerabilities that can only be mitigated through careful configuration.
  17. Drupal Help Injection Module XSS Vulnerability - Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL that provides extensibility through hundreds of third party modules. The Advanced Help Injection and Export Module (http://drupal.org/project/helpinject)
  18. Drupal Twitter Module Credential Exposure - The Twitter Module suffers from potential vulnerability due to the fact that it could expose stored Twitter account credentials to theft or exposure.
  19. Brute Forcing Drupal - Brute forcing account credentials for Drupal 5 and 6 sites including a sample script.
  20. Drupal 5.x and 6.x Core Contact Form XSS Vulnerability - Drupal up to 5.20 and 6.14 suffer from a cross site scripting vulnerability in the Drupal core.
  21. Drupal 6.x Core XSS Vulnerability - Drupal 6.x suffers from a cross site scripting (XSS) vulnerability.
  22. Drupal Sections Module 6.x-1.2 XSS Vulnerability - The Sections module contains a cross site scripting vulnerability because it does not properly sanitize output of section names before display.
  23. Monitoring Drupal for Insecure Settings - The Drupal content management system (CMS) is wonderful for maintaining multiple, user driven and owned websites. From a security context, however, Drupal can present a challenge.
  24. Drupal Webform 6.x-2.7 and 5.x-2.7 XSS Vulnerabilities - The Drupal Webform module versions 6.x-2.7 and 5.x-2.7 contain cross site scripting vulnerabilities.
  25. Drupal Sitemap 6.x-1.1 XSS Vulnerability - The Drupal Sitemap module version 6.x-1.1 suffers from a cross site scripting vulnerability.
  26. Drupal 5.20 and 6.14 Filter Module (Core) XSS Vulnerabilities - The Drupal core Filter module in versions 5.20 and 6.14 contains a cross site scripting (XSS) vulnerability.
  27. Drupal Wikitools 6.x-1.2 and 5.x-1.3 XSS Vulnerability - The Drupal Wikitools module versions 6.x-1.2 and 5.x-1.3 contain cross site scripting vulnerabilities.
  28. Drupal 5.20 and 6.14 (Core) XSS Vulnerabilities - Drupal 6.14 and 5.20 suffer from cross site scripting vulnerabilities.
  29. Drupal Service Links 6.x-1.0 XSS Vulnerability - The Drupal Service Links module version 6.x-1.0 contains a cross site scripting vulnerability.
  30. Drupal CCK 5.x-1.10 XSS Vulnerability - The CCK module version 5.x-1.10 contains a cross site scripting vulnerability because it does not properly sanitize output of group labels before display.
  31. Drupal Biblio Module 6.x-1.6 XSS Vulnerability - The Drupal Biblio module 6.x-1.6 contains numerous cross site scripting (XSS) vulnerabilities.
  32. Exploiting Drupal Node2Node XSS Vulnerability - Instructions on exploiting the recently unpublished Drupal Node2Node module.
  33. Drupal ImageCache 6.x-2.0-beta9 Multiple XSS Vulnerability - The Drupal ImageCache module version 6.x-2.0-beta9 contains several cross site scripting vulnerabilities because it does not properly sanitize output of action preset values before display.
  34. Drupal Print 6.x-1.7 Multiple XSS Vulnerabilities - The Drupal Print module version 6.x-1.7 contains numerous stored cross site scripting (XSS) vulnerabilities.
  35. Drupal 5 to 6 Upgrade - Drupal supports two versions at any given time (a major and a minor).
  36. Drupal Biblio Module 6.x-1.5 XSS Vulnerability - The Drupal Biblio module version 6.x-1.5 contains a cross site scripting vulnerability because it does not properly sanitize output of titles before display.
  37. Drupal Date 6.x-2.2 and Calendar 6.x-2.1 XSS Vulnerability - The Drupal Calendar module version 6.x-2.2 suffers from a cross site scripting (XSS) vulnerability due to the fact that it does not properly sanitize names during display.
  38. Drupal Taxonomy Manager 6.x-1.0 XSS Vulnerability - The Drupal Taxonomy Manager version 6.x-1.0 suffers from a cross site scripting vulnerability.
  39. Drupal Views 6.x-2.5 XSS Vulnerability - The Drupal Views module 6.x-2.5 contains a cross site scripting vulnerability.
  40. Drupal NodeQueue 6.x-2.1 XSS Vulnerability - The NodeQueue module version 6.x-2.1 suffers from a cross site scripting (XSS) vulnerability due to the fact that it does not properly sanitize taxonomy names during display.
  41. Drupal Email Field 6.x-1.1 XSS Vulnerability - The Drupal Email Field module version 6.x-1.1 contains a cross site scripting vulnerability due to the fact that it fails to sanitize help text entered by users during content type configuration.
  42. Drupal 6 Core Cross Site Scripting Vulnerabilities - Drupal 6.12 core contains two oft used functions that fail to properly sanitize output.
  43. Drupal Flag Module 6.x-1.1 Multiple Vulnerabilities - The Drupal Flag module version 6.x-1.1 contains multiple vulnerabilities.
  44. Drupal Embedded Media 6.x-1.0 Multiple XSS - The Drupal Embedded media field module version 6.x-1.0 contains several cross site scripting vulnerabilities.
  45. Drupal Content Access Module XSS Fun - Asking me about computer security and privacy is probably a lot like asking a law enforcement agent about home security - you're going to get an answer colored by experience.
  46. Drupal Content Access Module 6.x-1.1 XSS - Drupal content access module version 6.x-1.1 contains a cross site scripting vulnerability.
  47. Is Drupal Ready for the Enterprise? - Although Drupal has many of the trappings of an enterprise level CMS such as dedicated development and security teams, commercial backing from companies like Acquia and others, it may not be fully ready for the enterprise.
  48. Drupal 6.12 (core) User Module XSS Vulnerability - Drupal 6.12 core user module contains a cross site scripting vulnerability.
  49. Drupal CCK 6.x-2.2 XSS Vulnerability - The Drupal CCK module version 6.x-2.2 contains a vulnerability that could allow an authenticated attacker to inject arbitrary script into administration screens for content types.
  50. Dangers of Drupal Cron - The Drupal default installation and configuration presents several security challenges and potential vulnerabilities with scheduling cron.
  51. Drupal 5.17 Taxonomy (Core) Module Contains XSS Vulnerability - Drupal 5.17 Taxonomy (Core) Module contains a cross site scripting vulnerability.
  52. Drupal 6 CCK Module Allows Arbitrary PHP Injection - Attacking and defending the Drupal 6 PHP input type through CCK.
  53. Drupal Password Reset via XSS - The Drupal account page contains a flaw, which combined with a well crafted XSS attack, could be used to change a user's password to an arbitrary value.
  54. Drupal Protected Node 5.x-1.3 XSS Vulnerability - The Protected Node module version 5.x-1.3 fails to properly sanitize user input specified in the 'Password page info' input.
  55. Drupal Security Team Ignores Multiple XSS Vulnerabilities - The Drupal security team's rather disappointing advice to rectify this situation was not to fix the vulnerabilities in the module code in question, but rather to limit the scope of users granted 'administer content types' privileges.
  56. Drupal Taxonomy Theme 5.x-1.1 XSS Vulnerability - The Drupal Taxonomy Theme module version 5.x-1.1 suffers from a cross site scripting vulnerability.
  57. Drupal Ad Module 5.x-1.7 XSS Vulnerability - Drupal Ad Module 5.x-1.7 XSS Vulnerability
  58. Drupal Link 5.x-2.5 XSS Vulnerability - The Drupal Link module version 5.x-2.5 contains a cross site scripting vulnerability.
  59. Drupal Imagefield 5.x-2.2 Multiple Vulnerabilities - The Drupal Imagefield module version 5.x-2.2 contains multiple vulnerabilities.
  60. Drupal ImageField 5.x-2.2 Multiple Vulnerabilities - The Drupal Imagefield module version 5.x-2.2 contains multiple vulnerabilities.
  61. Drupal Brilliant Gallery 5.x-4.1 SQL Injection Vulnerability - The Drupal Brilliant Gallery module version 5.x-4.1 contains a SQL injection vulnerability.
  62. Drupal Ajax Checklist Module SQL Injection Vulnerability - The Drupal Ajax Checklist module version 5.x-1.0 contains a SQL injection vulnerability.
  63. Drupal Link to Us 5.x-10 XSS Vulnerability - The Drupal Link to us module version 5.x-10 contains a cross site scripting vulnerability.
  64. Drupal Answers Module 5.x-1.x-dev XSS Vulnerability - The Drupal Answers module version 5.x-1.x-dev contains a cross site scripting vulnerability.
  65. Drupal Answers 5.x-1.x-dev XSS Vulnerability - The Drupal answers module contains a cross site scripting vulnerability.
  66. Tips for Securing Drupal - Some tips for securing your Drupal installation.
  67. Drupal Leaking Version Information - Upon installation Drupal relies on a functioning .htaccess file to protect critical module information, but Drupal will function even if the .htaccess protections aren't working properly.
  68. Exploiting the Drupal Suggest Terms Module - In the Drupal Suggested Terms module versions prior to 5.x-1.2 a cross site scripting (XSS) vulnerability exists.
  69. Developing Drupal Module Exploits - While the Drupal security team does a great job of making sure the core modules distributed with Drupal are secure, there are a host of third party contributed modules that often contain security problems.
  70. Creating Drupal External Authentication - Implementing external authentication in Drupal.