Security Advisories
Multiple vulnerabilities in Database Administration (dba) module
------------MULTIPLE VULNERABILITIES IN DATABASE ADMINISTRATION (DBA) MODULE------------
* Advisory ID: DRUPAL-SA-2007-013.
* Project: Database Administration (third-party module).
* Version: 4.6.x-1.*, 4.7.x-1.*.
* Date: 2007-April-11.
* Security risk: Critical.
* Exploitable from: Remote.
* Vulnerability: Cross site scripting and cross site request forgery.

False Drupal XSS alarm on BugTraq
Someone under the pseudonym "Liz0ziM" sent a false security alarm to BugTraq
without first contacting the security team:
http://www.securityfocus.com/archive/1/420671/30/0/threaded
This vulnerability is fixed in Drupal 4.5.6, 4.6.4 and onwards. Drupal's new
XSS filter mechanism takes care of all vulnerabilities listed on
http://ha.ckers.org/xss.html (and even more).
If you have already updated to at least 4.5.6 / 4.6.4 then you are safe and you
