|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 1764 CVE : CVE-2006-5477 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : No Credit : Uwe Hermann (uwe hermann-uwe de) Published : 25.10.2006
Advisory Content : ------------------------------------------------------------------------ ---- Drupal security advisory DRUPAL-SA-2006-026 ------------------------------------------------------------------------ ---- Project: Drupal core Date: 2006-Oct-18 Security risk: Less critical Exploitable from: Remote Vulnerability: HTML attribute injection ------------------------------------------------------------------------ ---- Description ----------- A malicious user may entice users to visit a specially crafted URL that may result in the redirection of Drupal form submission to a third-party site. A user visiting the user registration page via such a url, for example, will submit all data, such as his/her e-mail address, but also possible private profile data, to a third-party site. Versions affected ----------------- - Drupal 4.6.x versions before Drupal 4.6.10 - Drupal 4.7.x versions before Drupal 4.7.4 Solution - If you are running Drupal 4.6.x then upgrade to Drupal 4.6.10. http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.6.10.tar.gz - If you are running Drupal 4.7.x then upgrade to Drupal 4.7.4. http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.7.4.tar.gz - To patch Drupal 4.6.9 use http://drupal.org/files/sa-2006-026/4.6.9.patch. - To patch Drupal 4.7.3 use http://drupal.org/files/sa-2006-026/4.7.3.patch. Please note that the patches only contain changes related to this advisory, and do not fix bugs that were solved in 4.6.10 or 4.7.4. Reported by ----------- Frederic Marand. Contact ------- The security contact for Drupal can be reached at security at drupal.org or using the form at http://drupal.org/contact. // Uwe Hermann, on behalf of the Drupal Security Team. -- Uwe Hermann http://www.hermann-uwe.de http://www.it-services-uh.de | http://www.crazy-hacks.org http://www.holsham-traders.de | http://www.unmaintained-free-software.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFN7D2XdVoV3jWIbQRAn30AJ4wDXVgTcsZ6AVZU0iz8oFYqTx8dACeNXFj D4MxzZKaxPKknex3KMezI6Y= =eFVr -----END PGP SIGNATURE-----  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |