Archive for May, 2009

Drupal Email Verification Module Script Insertion and Security Bypass

May 25th, 2009

Application: Drupal
Affected Version: Versions prior to 5.x-2.1
Vendor’s URL: Email Verification Module
Bug Type: Security Bypass and Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 5.x-2.1 or 6.x-1.2.

Access Bypass, Content Management, Cross Site Scripting

Coppermine Photo Gallery Multiple Vulnerabilities

May 22nd, 2009

Application: Coppermine Photo Gallery
Affected Version: Version 1.4.22 and other versions
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection and System Access
Risk Level: Critical

Solution:
Set “magic_quotes_gpc” to “On” and “register_globals” to “Off”.

Access Bypass, Image Galleries, SQL Injection

Drupal Node Access User Reference Module Security Bypass

May 22nd, 2009

Application: Drupal
Affected Version: Versions prior to 5.x-2.0-beta4, and 6.x versions prior to 6.x-2.0-beta6
Vendor’s URL: Drupal
Bug Type: Security Bypass
Risk Level: Medium

Solution:
The security issue is fixed in version 5.x-2.0-beta4 and 6.x-2.0-beta6.
http://drupal.org/node/448390
http://drupal.org/node/448392

Access Bypass, Content Management

Drupal Script Insertion and Information Disclosure

May 22nd, 2009

Application: Drupal
Affected Version: Drupal versions prior to 5.17, and Drupal 6.x versions prior to 6.11
Vendor’s URL: Drupal
Bug Type: Cross Site Scripting and Information Disclosure
Risk Level: Medium

Solution:
Update to Drupal 6.11 or Drupal 5.17, or apply the patches.

http://ftp.drupal.org/files/projects/drupal-6.11.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz

http://drupal.org/files/sa-core-2009-005/SA-CORE-2009-005-6.10.patch
http://drupal.org/files/sa-core-2009-005/SA-CORE-2009-005-5.16.patch

Content Management, Cross Site Scripting, Information Disclosure