iThoughts Multiple Vulnerabilities
iThoughts iOS application for iPhone and iPad contains numerous vulnerabilities.
The Password Policy module suffers from a persistent (stored) cross site scripting (XSS or arbitrary script injection) vulnerability because it fails to sanitize expiration warning messages before display.
Drupal (https://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. Drupal core suffers from multiple persistent (stored) cross site scripting (XSS, or arbitrary script injection) vulnerabilities because the core System module fails to sanitize module names and descriptions provided in module metadata files (identified by their .info extension) before display in some locations.
A cross site scripting (XSS), or arbitrary script injection, vulnerability exists in TinyMCE due to the fact that the bbcode plugin violates the explicit security policy of TinyMCE. If the bbcode plugin is enabled, but encoding is enabled using the "encoding" directive, or sanitizing is enabled using the "valid_elements" attribute, these mechanisms fail to function as expected.
Drupal Ctools prior to 6.x-1.10 contains an XSS vulnerability
The Drupal OM Maximenu module, prior to versions 6.x-1.44 and 7.x-1.44, suffers from a number of vulnerabilities, including several arbitrary script injection (XSS) flaws. The module also gives users with permission to "Administer OM Maximenu" the ability to execute arbitrary PHP with no indication of the power of this privilege. This could allow attackers who gain access to accounts with this permission to compromise the host web server, attack other users, and more.
The Drupal Inf08 theme, prior to version 6.x-1.10, contains an XSS vulnerability due to the fact that it fails to properly sanitize taxonomy terms before display. This could allow attackers who have the ability to create taxonomy terms to perform arbitrary script injection attacks via persistent cross site scripting.
The Drupal HotBlocks module contains a persistent cross site scripting (XSS), or arbitrary script injection, vulnerability due to the fact that it fails to sanitize user supplied data before display. The HotBlocks module also suffers from a denial of service vulnerability due to a user triggered infinite code loop.
Transmission (http://www.transmissionbt.com) is a popular, cross platform, open source BitTorrent client. Transmission includes functionality to enable a web based display of the application. Unfortunately this web based client doesn't sanitize text from torrent files that are loaded into the client resulting in an arbitrary script include (or cross site scripting (XSS)) vulnerability.
Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal LESS CSS Preprocessor (hereafter Less) module (https://drupal.org/project/less) "will automatically process any LESS files that are added using drupal_add_css or added through your theme's .info file." The Less module contains a persistent cross site scripting (XSS) vulnerability due to the fact that it fails to sanitize Less error messages before display.
Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal FileField Sources module (https://drupal.org/project/filefield_sources) "lets you upload files from your computer through a CCK field. The FileField Sources module expands on this ability by allowing you to select new or existing files through additional means." The FileField Sources module contains a persistent cross site scripting (XSS) vulnerability due to the fact that it fails to sanitize user supplied filenames before display.
Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal Custom Publishing Options module (https://drupal.org/project/custom_pub) contains a persistent cross site scripting (XSS) vulnerability due to the fact that it fails to sanitize format names before display.
The Drupal Creative Commons module (https://drupal.org/project/creativecommons) "allows users to select and assign a Creative Commons license to a node and any attached content, or to the entire site. It also provides integration between CC and Drupal technology." The Creative Commons module contains multiple persistent cross site scripting (XSS) vulnerabilities due to the fact that it fails to sanitize user supplied input before display.
The Drupal Multiblock module contains a persistent cross site scripting (XSS) vulnerability due to the fact that it fails to sanitize block descriptions names before display.
The Drupal Wish List module (https://drupal.org/project/wishlist) "Allows authorized users to submit wishlist nodes to your web site which describe items they would like for a special occasion." The Wish List module contains a cross site scripting vulnerability due to the fact that unchecked URL variables are used to render JavaScript actions on site pages.
The Drupal Multisite Search module (https://drupal.org/project/multisite_search) contains a SQL injection vulnerability due to the fact that it doesn't sanitize the user supplied table_prefix value during query construction in the multisite_search_cron() function called when the Drupal cron is run.
Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal Mobile Tools module (https://drupal.org/project/mobile_tools) "provides Drupal developers with some tools to assist in making a site mobile." The Mobile Tools module contains several persistent cross site scripting (XSS) vulnerabilities due to the fact that it fails to sanitize user supplied values before display.
The Drupal Data module (https://drupal.org/project/data) "helps you model, manage and query related sets of tables. It offers an administration interface and a low level API for manipulating tables and accessing their contents." The Data module contains a persistent cross site scripting (XSS) vulnerability due to the fact that it fails to sanitize table names before display.
Reported: January 6, 2012
The Drupal U Create module (https://drupal.org/project/ucreate) contains an arbitrary redirection vulnerability due to the fact that unchecked URL variables are used to compose link destinations in administrative screens.
The Video Filter module version 6.x-2.8 contains an arbitrary HTML injection vulnerability (also known as cross site scripting, or XSS) due to the fact that it fails to sanitize user supplied third party data before display.
The Drupal Vote Up Down module version 6.x-3.0 contains a persistent cross site scripting (XSS) vulnerability due to the fact that it fails to sanitize taxonomy terms before display.
The Drupal Autocomplete Node Finder module (https://drupal.org/project/autocomplete_node_finder) contains a persistent cross site scripting (XSS) vulnerability due to the fact that it fails to sanitize node titles before display.
The Drupal SuperCron module version 6.x-1.3, created by 63 Reasons (http://www.63reasons.com/), contains a persistent arbitrary HTML injection vulnerability (also known as cross site scripting, or XSS) due to the fact that it fails to sanitize user supplied data before display.
Reported: August 31, 2011
Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal Webform Validation module (http://drupal.org/project/webform_validationt) is designed to provide additional verification for nodes using the Webform module (http://drupal.org/project/webform). The Webform Validation module contains multiple cross site scripting (XSS) vulnerabilities due to the fact that it fails to sanitize rule names or custom error messages before display.
Reported to Vendor: March 16, 2011 15:25 EST
Linksys WRT54G is a consumer wireless G broadband router and four port switch. The admin interface does not sanitize keywords for safe browsing leading to a stored/persistent cross site scripting (XSS) vulnerability.
Linksys BEFSR41 is a consumer grade cable and DSL router and four port switch. Unfortunately the web based management interface does not sanitize certain user supplied data leading to a cross site scripting (XSS) vulnerability.
The Messaging framework module contains multiple cross site scripting (XSS) vulnerabilities due to the fact that the user supplied input is not sanitized before display.
The Drupal SWF Tools module contains multiple cross site scripting (XSS) vulnerabilities due to the fact that it fails to sanitize user supplied input before display.
The Data module contains multiple Cross Site Scripting (XSS) and SQL injection vulnerabilities.
The Custom Pagers module contains an arbitrary HTML injection vulnerability (also known as cross site scripting, or XSS) due to the fact that it fails to sanitize Custom Pagers names before display in the administrative back end interface.
The Drupal Panels module contains an arbitrary HTML injection vulnerability (also known as cross site scripting, or XSS) due to the fact that it fails to sanitize div classes and id specifications for panels before display.
Unfortunately the Drupal Panels module contains an arbitrary HTML injection vulnerability (also known as cross site scripting, or XSS) due to the fact that it fails to sanitize div classes and id specifications for panels before display.
The Drupal Image module contains a cross site scripting (XSS) vulnerability due to the fact that the module fails to sanitize gallery names before display.
Unfortunately the Embedded Media Field module contains an arbitrary HTML injection vulnerability (also known as cross site scripting, or XSS) due to the fact that it fails to sanitize filenames of thumbnail images before display.
The Embedded Media Field module contains a vulnerability that could allow arbitrary file upload and potentially code execution.
The Drupal Embedded Media Field module contains an arbitrary HTML injection vulnerability (also known as cross site scripting, or XSS).
e107 is a PHP/MySQL based content management system. e107 versions prior to 0.7.23 suffer from cross site scripting and cross site request forgery vulnerabilities.
The Drupal core modules actions and triggers manifest a cross site scripting (XSS) vulnerability because they fail to sanitize user supplied input rendered in display.
The Drupal OG Menu module contains a cross site scripting (XSS) vulnerability due to the fact that it fails to sanitize menu descriptions before display.
A recent code audit of the NuralStorm Webmail system revealed a number of serious vulnerabilities. If you are using NuralStorm please review the following vulnerability report. It is recommended that you restrict access to any NuralStorm installations immediately and disable NuralStorm if possible. There is currently no patch or workaround for the vulnerabilities described herein.
The Drupal Views module contains an information disclosure vulnerability due to the fact that it allows access to user profile data.
The Drupal FileField module contains a cross site scripting (XSS) vulnerability due to the fact that it fails to sanitize image filenames before display.
Global Redirect does not perform adequate input checking allowing for arbitrary redirect.
Drupal Panels module 6.x-3.3 cross site scripting vulnerability.
Drupal Ctools module version 6.x-1.3 contains multiple vulnerabilities, including arbitrary PHP execution, access bypass, and cross site request forgery.
The Context module contains a cross site scripting (XSS) vulnerability because it fails to sanitize block descriptions before display.
The Tirzen Framework (http://www.tirzen.net/tzn/) is a supporting API developed by Tirzen (http://www.tirzen.com), an intranet and internet solutions provider. The Tirzen Framework contains a SQL injection vulnerability (http://www.owasp.org/index.php/SQL_Injection). This vulnerability could allow an attacker to arbitrarily manipulate SQL strings constructed using the library. This vulnerability manifests itself most notably in the Task Freak (http://www.taskfreak.com/) open source task management software. The vulnerability can be exploited to bypass authentication and gain administrative access to the Task Freak system.
Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal Better Formats module (http://drupal.org/project/better_formats) contains a cross site scripting (XSS) vulnerability due to the fact that it fails to sanitize format names before display.
Drupal is a robust content management system (CMS) written in PHP and MySQL that provides custom look and feel functionality with themes. The popular Zen theme contains a cross site scripting vulnerability due to the fact that it fails to properly sanitize breadcrumb separators upon display allowing arbitrary script injection.
Drupal 6 contains a cross site scripting (XSS) vulnerability in the Profile module.
The (ironically named) Drupal Help Injection module suffers from an arbitrary HTML injection vulnerability.
The Drupal Twitter module handles credentials in an unsafe manner, allowing anyone with read access to the Drupal database, or with access to network traffic between the Drupal server and the Twitter API, to observe the full Twitter username and password for Twitter users configured through the module.
Magento (http://www.magentocommerce.com/) is an eCommerce platform written in MySQL and PHP. Magento contains numerous serious cross site scripting (XSS) vulnerabilities.
dotProject (http://www.dotproject.net/) is a robust open source project management tool written in PHP and MySQL. dotProject contains numerous serious cross site scripting (XSS) and SQL injection vulnerabilities.
Drupal 6.x suffers from a cross site scripting (XSS) vulnerability
Drupal up to 5.20 and 6.14 suffer from a cross site scripting vulnerability in the Drupal core.
The Sections module contains a cross site scripting vulnerability because it does not properly sanitize output of section names before display.
The Drupal Filter module, part of Drupal core, contains a cross site scripting vulnerability in Drupal version 5.20 and 6.14. This vulnerability could allow attackers that can manipulate the site name variable to inject arbitrary HTML into page display.
The Drupal Wikitools module versions 6.x-1.2 and 5.x-1.3 contain cross site scripting vulnerabilities due to the fact that they fail to sanitize the output of content type names before display. This vulnerability could allow attackers who can craft content type names to inject arbitrary HTML into pages.
The Drupal Webform module versions 6.x-2.7 and 5.x-2.7 contain cross site scripting vulnerabilities.
Drupal 6.12 core contains two oft used functions that fail to properly sanitize output. Drupal utilizes the non-standard method of user supplied input sanitizing by scrubbing data as it is retrieved from the data layer, rather than as it is submitted. This leads to many instances of confusion amongst developers and vulnerabilities in Drupal modules. Even the Drupal core is not immune to these sorts of errors. Cross site scripting vulnerabilities, or the injection of arbitrary HTML into the data layer that is later rendered without being sanitized, can lead to compromise of Drupal user accounts.
Drupal 6 does a rather good job of preventing unauthorized users from injecting PHP into content in order to take control of the web server. Unlike Drupal 5, Drupal 6 does not have a default PHP input type, which is a huge leap forward in preventing users from crafting PHP. This helps protect the web server from compromise should someone gain Drupal credentials. The Drupal site touts this new feature.
Drupal Ad Module 5.x-1.7 has a cross site scripting vulnerability.
This vulnerability centers around the fact that PHP-Calendar comes with update scripts to update previous versions of the software. These scripts will print to the screen the database host, username, password, database name, table prefix, and database type. PHP-Calendar (http://www.php-calendar.com) was "written for a college social group at Northeastern University to keep track of events, etc. We were previously using localendar, which I (Sean Proctor) didn't like and had some problems with. I found CST-Calendar which did most of what I wanted, but was rather ugly and missed some features that we needed. So, I gradually re-wrote CST-Calendar since that project seemed to have stopped work entirely."
The Drupal Link module version 5.x-2.5 contains a cross site scripting vulnerability.
The Drupal Imagefield module version 5.x-2.2 contains multiple vulnerabilities.
The Brilliant module (http://drupal.org/project/brilliant_gallery), created by Vacilando (http://www.vacilando.org/), is designed to allow users to easily create dynamic picture galleries by uploading images directly to a server and including code directly within nodes to display the gallery. Unfortunately the module contains a SQL injection vulnerability.
The Drupal Ajax Checklist module version 5.x-1.0 contains a SQL injection vulnerability.
The Drupal Link to us module version 5.x-10 contains a cross site scripting vulnerability.
The Drupal Answers module version 5.x-1.x-dev contains a cross site scripting vulnerability.
Drupal 6.14 and 5.20 suffer from cross site scripting vulnerabilities because they fail to properly sanitize the 'site name' and 'site slogan' values in the HTML headers, allowing attackers with privileges to alter these values to inject arbitrary HTML.
The Drupal Sitemap module version 6.x-1.1 suffers from a cross site scripting vulnerability.
The Drupal answers module contains a cross site scripting vulnerability.
A brief security evaluation of NanoCMS version 0.4 final revealed a number of notable security vulnerabilities.
The Workflow module versions 6.x-1.1 and 5.x-2.3 contain a cross site scripting vulnerability.
The Drupal Imagefield module version 5.x-2.2 contains multiple vulnerabilities including an arbitrary file upload vulnerability and a cross site scripting (XSS) vulnerability.
pPIM came to my attention recently with the publishing on Milw0rm of exploit code designed to facilitate remote command execution (http://www.milw0rm.com/exploits/8093). As there is a milw0rm exploit already posted it is likely malicious users are already exploiting pPIM. I decided to have a closer look at pPIM and, quite frankly, was horrified by what I found. pPIM contains multiple vulnerabilities, from version information leakage, to system credential disclosure, to remote command execution, authentication bypass and cross site scripting vulnerabilities. Possibly the only class of vulnerability pPIM is not exposed to is SQL injection as it doesn't employ any database back end. That said, there seemed to be nothing in the way of security other than an easily bypassable GET variable check in the header, present in pPIM. The following is a brief synopsis of my findings, although I gave up investigation after discovering so many flaws in the application's architecture with respect to security.
Drupal 6.22 core contains a cross site scripting vulnerability in the user module.
Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL that provides extensibility through various core modules. The user module controls user login and management. The user module's access rules functionality contains a persistent cross site scripting vulnerability because it fails to sanitize mask values before display.
Drupal 6.22 was tested and shown to be vulnerable.
AeroMail 2 is a lightweight PHP based e-mail client. AeroMail 2 suffers from a number of cross site scripting (XSS) as well as cross site request forgery (CSRF or XSRF) vulnerabilities. These vulnerabilities could allow remote attackers to send e-mail (possibly spam) as a user, delete e-mail, or create persistent arbitrary code that could be used to attack client side vulnerabilities.
AeroMail 2 suffers from a number of cross site scripting (XSS) and cross site request forgery (CSRF) vulnerabilities.
AeroMail 2 is a lightweight e-mail client written in PHP.
The Drupal Download Count module (http://drupal.org/project/download_count) is designed to keep track of file downloads on Drupal sites. This module contains multiple cross site scripting (XSS) vulnerabilities due to the fact that it fails to sanitize user supplied input before display.
Recently the Drupal team released a security upgrade to the Drupal core to versions 6.21, 6.22, 7.1 and 7.2. These updates fixed several security flaws, the most commonly exploitable of which is a flaw in the core color module that allowed an attacker who could gain access to the color picker widget (for instance through the theme administration) to perform cross site scripting (XSS) attacks. This flaw resulted in a persistent XSS vulnerability in the Drupal core.
The Drupal ImageCache module version 6.x-2.0-beta9 contains several cross site scripting vulnerabilities because it does not properly sanitize output of action preset values before display.
The Flag module version 6.x-1.1 contains a cross site scripting vulnerability because it does not properly sanitize output of role names before display during flag creation.
The Drupal Print module version 6.x-1.7 contains numerous stored cross site scripting (XSS) vulnerabilities.
The Drupal Biblio module version 6.x-1.5 contains a cross site scripting vulnerability because it does not properly sanitize output of titles before display.
The Drupal Calendar module version 6.x-2.2 suffers from a cross site scripting (XSS) vulnerability due to the fact that it does not properly sanitize names during display.
The NodeQueue module version 6.x-2.1 suffers from a cross site scripting (XSS) vulnerability due to the fact that it does not properly sanitize taxonomy names during display.
The Drupal Views module 6.x-2.5 contains a cross site scripting (XSS) vulnerability. XSS vulnerabilities may expose site administrative accounts to compromise which could lead to web server process compromise.
The Drupal Taxonomy Manager version 6.x-1.0 suffers from a cross site scripting vulnerability because it fails to properly sanitize the "Vocabulary name" during output, allowing for the injection of arbitrary HTML.
The Drupal Email Field module version 6.x-1.1 contains a cross site scripting vulnerability due to the fact that it fails to sanitize help text entered by users during content type configuration.
The Drupal Flag module version 6.x-1.1 contains several cross site scripting vulnerabilities because it does not properly sanitize output of role names before display. The flag module also contains cross site scripting vulnerabilities because it fails to properly sanitize content type names. Additionally the Flag module contains a SQL injection vulnerability because it does not properly sanitize variables before concatenating them into a SQL query.
The Drupal Embedded Media Field module version 6.x-1.0 contains several cross site scripting (XSS) vulnerabilities because it does not properly sanitize the output of 'Help text', 'Custom thumbnail label', or 'Custom thumbnail description' specified when creating an Embedded Media Field content type field.
The user module is provided as part of the Drupal 6 core modules and contains a cross site scripting (XSS) vulnerability that can allow users with the 'administer permissions' permission to inject arbitrary HTML into role names. Users with 'administer permissions' permission could create new roles containing malicious JavaScript and silently attack site administrators. While users with this permission could elevate the permissions of their own role using permissions they have been granted, this flaw could allow for a "stealth" attack vector.
The Drupal CCK module version 6.x-2.2 contains a vulnerability that could allow an authenticated attacker to inject arbitrary script into administration screens for content types.
Drupal 5.17 Taxonomy module, which is part of the Drupal core and is enabled by default upon installation, contains a cross site scripting vulnerability that allows users with the 'administer taxonomy' permission to inject arbitrary HTML in the help text of any Category vocabulary.
Magpie suffers from multiple cross site scripting vulnerabilities.
The Drupal Service Links module version 6.x-1.0 contains a cross site scripting vulnerability because it does not properly sanitize output of content type names before display.
The CCK module version 5.x-1.10 contains a cross site scripting vulnerability because it does not properly sanitize output of group labels before display.
The Drupal Biblio module 6.x-1.6 contains numerous cross site scripting (XSS) vulnerabilities.
Pixie is a dynamic, PHP based content management system (CMS). Pixie version 1.01 contains several vulnerabilities (including SQL injection and cross site scripting).
The Protected Node module version 5.x-1.3 fails to properly sanitize user input specified in the 'Password page info' input
The Drupal Taxonomy Theme module version 5.x-1.1 suffers from a cross site scripting vulnerability.
There have been quite a few Cross Site Scripting (XSS) vulnerabilities discovered in Drupal modules recently. Many people scoff at XSS and even argue that it's a low threat vulnerability. In many cases this is certainly true, however XSS can be used as an element in an attack that leverages other security weaknesses to devastating consequence. A case in point is the password changing option in Drupal. Drupal does a wonderful job in protecting against Cross Site Request Forgery (XSRF or CSRF) by placing tokens in forms to validate posts. Drupal provides a token in the id "edit-user-edit-form-token" in the edit user form (found at ?a=user/X/edit where X is the user id number). A sample value contained in this hidden form field is "5545a410de3662f1844af7ee6f1ee770" - a value sufficiently long and random that an attacker would have great difficulty in guessing the value. However, the Drupal account page doesn't require users to enter the current account password in order to change the password to a new value. This flaw, combined with a well crafted XSS attack, could be used to change a user's password to an arbitrary value. What's worse, Drupal uses session cookies by default that can keep users logged into the site for days. This means that a user could be the victim of a password changing attack and not even realize their password had been changed for some time (until their session cookie timed out or they logged out of the site) when they were forced to log back in to the site. The user would still be able to request a password reset via e-mail, so they would not be locked out of the site, but they might have their account hijacked for some time in the interim.
Frog CMS (http://www.madebyfrog.com/) is a lightweight content management system written in PHP that supports several back-end databases (including MySQL). "Frog CMS simplifies content management by offering an elegant user interface, flexible templating per page, simple user management and permissions, as well as the tools necessary for file management."
Frog CMS uses a robust, object oriented PHP codebase that eliminates many of the most common web application vulnerabilities found in PHP. Frog CMS does, however, have some deficiencies that should be cause for concern. The following are issues identified during a short code audit of the application...
The Drupal content management system (CMS) is powered by many modules that extend the capabilities of the base system. Vulnerabilities in contributed modules are the source of many of Drupal's security woes. Determining module version information allows attackers to target sites with vulnerable modules. There are many means for attackers to profile Drupal sites to determine which modules are installed and which versions are installed.