oval:org.mitre.oval:def:7333
Definition Id: oval:org.mitre.oval:def:7333 | |||
Oval ID: | oval:org.mitre.oval:def:7333 | ||
Title: | DSA-1930 drupal6 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been found in drupal6, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following problems: Gerhard Killesreiter discovered a flaw in the way user signatures are handled. It is possible for a user to inject arbitrary code via a crafted user signature. (SA-CORE-2009-007) Mark Piper, Sven Herrmann and Brandon Knight discovered a cross-site scripting issue in the forum module, which could be exploited via the tid parameter. (SA-CORE-2009-007) Sumit Datta discovered that certain drupal6 pages leak sensitive information such as user credentials. (SA-CORE-2009-007) Several design flaws in the OpenID module have been fixed, which could lead to cross-site request forgeries or privilege escalations. Also, the file upload function does not process all extensions properly leading to the possible execution of arbitrary code. (SA-CORE-2009-008) The oldstable distribution (etch) does not contain drupal6. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1930 CVE-2009-2372 CVE-2009-2373 CVE-2009-2374 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | drupal6 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6513 | |||
Oval ID: | oval:org.mitre.oval:def:6513 | ||
Title: | Debian GNU/Linux 5.0 is installed | ||
Description: | Debian GNU/Linux 5.0 (lenny) is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:debian:debian_gnu/linux:5.0 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:7333 |