Articles in vulnerability
- Drupal Organic Groups Menu Module 6.x-2.0 XSS Vulnerability - The Drupal OG Menu module contains a cross site scripting (XSS) vulnerability due to the fact that it fails to sanitize menu descriptions before display.
- NuralStorm Webmail Multiple Vulnerabilities - A recent code audit of the NuralStorm Webmail system revealed a number of serious vulnerabilities. If you are using NuralStorm please review the following vulnerability report. It is recommended that you restrict access to any NuralStorm installations i
- Drupal Views Module Information Disclosure Vulnerability - The Drupal Views module contains an information disclosure vulnerability due to the fact that it allows access to user profile data.
- Drupal FileField 6.x-3.3 XSS Vulnerability - The Drupal FileField module contains a cross site scripting (XSS) vulnerability due to the fact that it fails to sanitize image filenames before display.
- Drupal Global Redirect 6.x-1.2 Arbitrary Redirection - Global Redirect does not perform adequate input checking allowing for arbitrary redirect.
- Drupal Ctools 6.x-1.3 Multiple Vulnerabilities - Drupal Ctools module version 6.x-1.3 contains multiple vulnerabilities, including arbitrary PHP execution, access bypass, and cross site request forgery.
- Drupal Context Module XSS - The Context module contains a cross site scripting (XSS) vulnerability because it fails to sanitize block descriptions before display.
- TaskFreak 0.6.2 SQL Injection Vulnerability - The Tirzen Framework is a supporting API developed by Tirzen, an intranet and internet solutions provider. The Tirzen Framework contains a SQL injection vulnerability. This vulnerability could allow an attacker to arbitrarily manipulate SQL strings cons
- Drupal Better Formats 6.x-1.2 XSS Vulnerability - Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal Better Formats module (http://drupal.org/project/better_formats) contains a cross site scripting (XSS) vulnerability due to the fact that it fails
- Drupal Zen Theme 6.x-1.1 XSS Vulnerability - Drupal is a robust content management system (CMS) written in PHP and MySQL that provides custom look and feel functionality with themes. The popular Zen theme contains a cross site scripting vulnerability due to the fact that it fails to properly saniti
- Drupal Help Injection Module XSS Vulnerability - Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL that provides extensibility through hundreds of third party modules. The Advanced Help Injection and Export Module (http://drupal.org/project/helpinject)
- Drupal Twitter Module Credential Exposure - The Twitter module suffers from a potential vulnerability due to the fact that it could expose stored Twitter account credentials to theft.
- dotProject Multiple Vulnerabilities - dotProject (http://www.dotproject.net/) is a robust open source project management tool written in PHP and MySQL. dotProject contains numerous serious cross site scripting (XSS) and SQL injection vulnerabilities.
- Magento eCommerce XSS Vulnerabilities - Magento (http://www.magentocommerce.com/) is an eCommerce platform written in MySQL and PHP. Magento contains numerous serious cross site scripting (XSS) vulnerabilities.
- Drupal 5.x and 6.x Core Contact Form XSS Vulnerability - Drupal up to 5.20 and 6.14 suffer from a cross site scripting vulnerability in the Drupal core.
- Drupal 6.x Core XSS Vulnerability - Drupal 6.x suffers from a cross site scripting (XSS) vulnerability
- Drupal Sections Module 6.x-1.2 XSS Vulnerability - The Sections module contains a cross site scripting vulnerability because it does not properly sanitize output of section names before display.
- Drupal Workflow 6.x-1.1 and 5.x-2.3 XSS Vulnerability - The Workflow module versions 6.x-1.1 and 5.x-2.3 contain a cross site scripting vulnerability.
- Exploiting PHP PCRE Functions - An examination of the /e flag in the PHP preg_replace function and how it can lead to vulnerabilities (and exploits).
- PHP Null Byte Poisoning - Null byte poisoning can be an extremely dangerous problem in PHP applications. In order to fully understand the PHP null byte issue we have to examine how C handles strings.
- Drupal Sitemap 6.x-1.1 XSS Vulnerability - The Drupal Sitemap module version 6.x-1.1 suffers from a cross site scripting vulnerability.
- Drupal Webform 6.x-2.7 and 5.x-2.7 XSS Vulnerabilities - The Drupal Webform module versions 6.x-2.7 and 5.x-2.7 contain cross site scripting vulnerabilities.
- Drupal 5.20 and 6.14 Filter Module (Core) XSS Vulnerabilities - The Drupal core Filter module in versions 5.20 and 6.14 contains a cross site scripting (XSS) vulnerability.
- Drupal Wikitools 6.x-1.2 and 5.x-1.3 XSS Vulnerability - The Drupal Wikitools module versions 6.x-1.2 and 5.x-1.3 contain cross site scripting vulnerabilities.
- Drupal 5.20 and 6.14 (Core) XSS Vulnerabilities - Drupal 6.14 and 5.20 suffer from cross site scripting vulnerabilities.
- Drupal Service Links 6.x-1.0 XSS Vulnerability - The Drupal Service Links module version 6.x-1.0 contains a cross site scripting vulnerability.
- Drupal CCK 5.x-1.10 XSS Vulnerability - The CCK module version 5.x-1.10 contains a cross site scripting vulnerability because it does not properly sanitize output of group labels before display.
- Drupal Biblio Module 6.x-1.6 XSS Vulnerability - The Drupal Biblio module 6.x-1.6 contains numerous cross site scripting (XSS) vulnerabilities.
- Exploiting Drupal Node2Node XSS Vulnerability - Instructions on exploiting the recently unpublished Drupal Node2Node module.
- If a Vulnerability Falls in the Forest - If a vulnerability is discovered that is only exploitable via implementation, should the implementation or the base API be patched?
- Drupal ImageCache 6.x-2.0-beta9 Multiple XSS Vulnerability - The Drupal ImageCache module version 6.x-2.0-beta9 contains several cross site scripting vulnerabilities because it does not properly sanitize output of action preset values before display.
- Drupal Print 6.x-1.7 Multiple XSS Vulnerabilities - The Drupal Print module version 6.x-1.7 contains numerous stored cross site scripting (XSS) vulnerabilities.
- Drupal Biblio Module 6.x-1.5 XSS Vulnerability - The Drupal Biblio module version 6.x-1.5 contains a cross site scripting vulnerability because it does not properly sanitize output of titles before display.
- Drupal Date 6.x-2.2 and Calendar 6.x-2.1 XSS Vulnerability - The Drupal Calendar module version 6.x-2.2 suffers from a cross site scripting (XSS) vulnerability due to the fact that it does not properly sanitize names during display.
- Drupal Views 6.x-2.5 XSS Vulnerability - The Drupal Views module 6.x-2.5 contains a cross site scripting vulnerability.
- Drupal Taxonomy Manager 6.x-1.0 XSS Vulnerability - The Drupal Taxonomy Manager version 6.x-1.0 suffers from a cross site scripting vulnerability.
- Drupal NodeQueue 6.x-2.1 XSS Vulnerability - The NodeQueue module version 6.x-2.1 suffers from a cross site scripting (XSS) vulnerability due to the fact that it does not properly sanitize taxonomy names during display.
- Drupal Email Field 6.x-1.1 XSS Vulnerability - The Drupal Email Field module version 6.x-1.1 contains a cross site scripting vulnerability due to the fact that it fails to sanitize help text entered by users during content type configuration.
- Drupal 6 Core Cross Site Scripting Vulnerabilities - Drupal 6.12 core contains two oft used functions that fail to properly sanitize output.
- Drupal Flag Module 6.x-1.1 Multiple Vulnerabilities - The Drupal Flag module version 6.x-1.1 contains multiple vulnerabilities.
- Drupal Embedded Media 6.x-1.0 Multiple XSS - The Drupal Embedded media field module version 6.x-1.0 contains several cross site scripting vulnerabilities.
- Drupal Content Access Module 6.x-1.1 XSS - Drupal content access module version 6.x-1.1 contains a cross site scripting vulnerability.
- Drupal 6.12 (core) User Module XSS Vulnerability - Drupal 6.12 core user module contains a cross site scripting vulnerability.
- Pixie CMS Multiple Vulnerabilities - Pixie CMS version 1.01 contains multiple vulnerabilities.
- Drupal CCK 6.x-2.2 XSS Vulnerability - The Drupal CCK module version 6.x-2.2 contains a vulnerability that could allow an authenticated attacker to inject arbitrary script into administration screens for content types.
- Drupal 5.17 Taxonomy (Core) Module Contains XSS Vulnerability - Drupal 5.17 Taxonomy (Core) Module contains a cross site scripting vulnerability.
- MagpieRSS Multiple XSS Vulnerabilities - Magpie is often included as a component in other PHP applications so vulnerabilities in Magpie may have security implications for other applications. Magpie suffers from multiple cross site scripting vulnerabilities.
- Udev Exploit Allows Local Privilege Escalation - A nasty new udev vulnerability is floating around in the wild that allows local users on Linux systems with udev and 2.6 kernels (2.6 is required for udev) to gain root privileges.
- Security Review of NanoCMS - A brief security evaluation of NanoCMS version 0.4 final revealed a number of notable security vulnerabilities.
- Security Evaluation of Frog CMS - Frog CMS is a lightweight content management system written in PHP that supports several back-end databases
- Drupal Password Reset via XSS - The Drupal account page contains a flaw, which combined with a well crafted XSS attack, could be used to change a user's password to an arbitrary value.
- Drupal Protected Node 5.x-1.3 XSS Vulnerability - The Protected Node module version 5.x-1.3 fails to properly sanitize user input specified in the 'Password page info' input.
- Drupal Taxonomy Theme 5.x-1.1 XSS Vulnerability - The Drupal Taxonomy Theme module version 5.x-1.1 suffers from a cross site scripting vulnerability.
- pPIM 1.01 Multiple Vulnerabilities - pPIM 1.01 contains multiple vulnerabilities, from version information leakage, to system credential disclosure.
- Drupal Ad Module 5.x-1.7 XSS Vulnerability - Drupal Ad Module 5.x-1.7 XSS Vulnerability
- PHP-Calendar SQL Credential Disclosure - A vulnerability in PHP-Calendar reveals the database host, username and password.
- Drupal Link 5.x-2.5 XSS Vulnerability - The Drupal Link module version 5.x-2.5 contains a cross site scripting vulnerability.
- Drupal Imagefield 5.x-2.2 Multiple Vulnerabilities - The Drupal Imagefield module version 5.x-2.2 contains multiple vulnerabilities.
- Drupal ImageField 5.x-2.2 Multiple Vulnerabilities - The Drupal Imagefield module version 5.x-2.2 contains multiple vulnerabilities.
- Analysis of the RoundCube html2text Vulnerability - Analysis of the RoundCube PHP injection vulnerability.
- Drupal Brilliant Gallery 5.x-4.1 SQL Injection Vulnerability - The Drupal Brilliant Gallery module version 5.x-4.1 contains a SQL injection vulnerability.
- Drupal Ajax Checklist Module SQL Injection Vulnerability - The Drupal Ajax Checklist module version 5.x-1.0 contains a SQL injection vulnerability.
- Drupal Link to Us 5.x-10 XSS Vulnerability - The Drupal Link to us module version 5.x-10 contains a cross site scripting vulnerability.
- Drupal Answers Module 5.x-1.x-dev XSS Vulnerability - The Drupal Answers module version 5.x-1.x-dev contains a cross site scripting vulnerability.
- Drupal Answers 5.x-1.x-dev XSS Vulnerability - The Drupal answers module contains a cross site scripting vulnerability.
- Serious Vulnerability Reported in Google Chrome - A serious security vulnerability has been found in Google's new Chrome browser. Since the announcement of the new browser the security community has been putting it through the paces.
- Drupal Leaking Version Information - Upon installation Drupal relies on a functioning .htaccess file to protect critical module information, but Drupal will function even if the .htaccess protections aren't working properly.
- Exploiting the Drupal Suggest Terms Module - In the Drupal Suggested Terms module versions prior to 5.x-1.2 a cross site scripting (XSS) vulnerability exists.
- Flash 0-day - Security Focus (http://www.securityfocus.com/bid/29386/discuss) is reporting that a new, as yet unpatched, exploit targeting Adobe Flash is circulating.
- Debian OpenSSL Predictable Key Vulnerability - It seems Debian has introduced a critical flaw into the OpenSSL implementation.
- Exploiting Input Validation - Exploiting form input validation failures is one of the easiest ways to leverage control of a web server through an online application.
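As an added example that is not part of the original posts above, the following PHP script illustrates the two pitfalls summarized in the "Exploiting PHP PCRE Functions" and "PHP Null Byte Poisoning" entries: a preg_replace() call using the /e modifier beside its preg_replace_callback() replacement, and a file-extension check that an embedded NUL byte defeats beside one that rejects it. The function names, the $executed flag and the inputs are this example's own constructions. The /e branch only behaves as described on PHP 5.x, since the modifier was deprecated in 5.5 and removed in 7.0.

```php
<?php
// Added example, not code from the original articles. Illustrates the
// preg_replace /e modifier and null-byte truncation. Function and variable
// names are this example's own.

// --- 1. preg_replace /e ---------------------------------------------------
// With /e the replacement string is run through eval() after backreferences
// are substituted. PHP backslash-escapes quotes in the substituted text, but
// a double-quoted replacement still interpolates "${expr}", so a match such
// as {${func()}} calls func() when the replacement is evaluated.

$executed = false;

// Benign stand-in for an attacker's payload function (e.g. system()).
function mark_executed() {
    $GLOBALS['executed'] = true;
    return 'x';
}

// Vulnerable: uppercase whatever sits inside {...}, using /e. On PHP >= 7
// the modifier is rejected and preg_replace() returns null.
function upper_braces_vulnerable($subject) {
    return @preg_replace('/\{(.+)\}/e', 'strtoupper("\1")', $subject);
}

// Hardened: same transformation, but the match is handed to a callback as
// data and is never evaluated as code.
function upper_braces_safe($subject) {
    return preg_replace_callback('/\{(.+)\}/', function ($m) {
        return strtoupper($m[1]);
    }, $subject);
}

// --- 2. Null-byte poisoning ----------------------------------------------
// PHP strings are binary-safe, so an extension check written in PHP sees
// "shell.php\0.txt" as ending in ".txt". PHP versions before 5.3.4 passed
// such a string to C library calls, which stop at the first NUL and opened
// shell.php. Current PHP rejects paths containing NUL, but the check itself
// is still wrong and should refuse the input explicitly.

function has_allowed_extension_vulnerable($name) {
    return substr($name, -4) === '.txt';
}

function has_allowed_extension_safe($name) {
    if (strpos($name, "\0") !== false) {
        return false;                 // reject embedded NUL outright
    }
    // basename() strips directory components so the extension check
    // applies to the final path segment only.
    return substr(basename($name), -4) === '.txt';
}

// --- Demonstration --------------------------------------------------------
$payload = '{${mark_executed()}}';   // constructed attacker input

$out = upper_braces_vulnerable($payload);
echo "vulnerable /e : executed=", var_export($executed, true),
     " result=", var_export($out, true), "\n";

$executed = false;
$out = upper_braces_safe($payload);
echo "callback      : executed=", var_export($executed, true),
     " result=", var_export($out, true), "\n";

$evil = "shell.php\0.txt";            // constructed attacker input
echo "extension check, naive: ",
     var_export(has_allowed_extension_vulnerable($evil), true), "\n";
echo "extension check, safe : ",
     var_export(has_allowed_extension_safe($evil), true), "\n";
```

Run it with `php example.php`. On PHP 5.x the first line reports executed=true, because evaluating `strtoupper("${mark_executed()}")` calls mark_executed() during string interpolation; on PHP 7 and later preg_replace() refuses the modifier and the flag stays false. The callback version returns the uppercased literal text in every PHP version. The naive extension check accepts "shell.php\0.txt" while the hardened one rejects it.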