Blogs

Drupal LDAP Integration Cross Site Scripting and Authentication Bypass Vulnerabilities

http://www.securityfocus.com/bid/36860

"Drupal LDAP Integration is prone to a cross-site scripting
vulnerability and multiple authentication-bypass vulnerabilities.

Exploiting these issues could allow an attacker to steal cookie-based
authentication credentials, execute arbitrary code, and gain
unauthorized access to the affected application. "

This affects Drupal LDAP Integration 6.x-1.0-beta1, Drupal LDAP
Integration 5.x-1.4.

Drupal LDAP Integration Cross Site Scripting and Authentication Bypass Vulnerabilities

http://www.securityfocus.com/bid/36860

"Drupal LDAP Integration is prone to a cross-site scripting
vulnerability and multiple authentication-bypass vulnerabilities.

Exploiting these issues could allow an attacker to steal cookie-based
authentication credentials, execute arbitrary code, and gain
unauthorized access to the affected application. "

This affects Drupal LDAP Integration 6.x-1.0-beta1, Drupal LDAP
Integration 5.x-1.4.

Drupal LDAP Integration Cross Site Scripting and Authentication Bypass Vulnerabilities

http://www.securityfocus.com/bid/36860

"Drupal LDAP Integration is prone to a cross-site scripting
vulnerability and multiple authentication-bypass vulnerabilities.

Exploiting these issues could allow an attacker to steal cookie-based
authentication credentials, execute arbitrary code, and gain
unauthorized access to the affected application. "

This affects Drupal LDAP Integration 6.x-1.0-beta1, Drupal LDAP
Integration 5.x-1.4.

Pegasus Mail POP3 Response Remote Buffer Overflow Vulnerability

http://www.securityfocus.com/bid/36797/info

"Pegasus Mail is prone to a remote buffer-overflow vulnerability because
it fails to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary code in the
context of the vulnerable application. Failed exploit attempts will
likely result in a denial-of-service condition.

Pegasus Mail 4.51 is vulnerable; other versions may also be affected."

Pegasus Mail POP3 Response Remote Buffer Overflow Vulnerability

http://www.securityfocus.com/bid/36797/info

"Pegasus Mail is prone to a remote buffer-overflow vulnerability because
it fails to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary code in the
context of the vulnerable application. Failed exploit attempts will
likely result in a denial-of-service condition.

Pegasus Mail 4.51 is vulnerable; other versions may also be affected."

Multiple vulnerabilities in Opera allow for remote code execution and URL obfuscation

http://blogs.zdnet.com/security/?p=4775

"Specially crafted domain names can cause a memory corruption in Opera,
which may lead to a crash. Successful exploitation can lead to execution
of arbitrary code."

"Opera may allow scripts to run on the feed subscription page, thereby
gaining access to the feeds object. This can be used for automatic
subscription of feeds, or reading other feeds."

Multiple vulnerabilities in Opera allow for remote code execution and URL obfuscation

http://blogs.zdnet.com/security/?p=4775

"Specially crafted domain names can cause a memory corruption in Opera,
which may lead to a crash. Successful exploitation can lead to execution
of arbitrary code."

"Opera may allow scripts to run on the feed subscription page, thereby
gaining access to the feeds object. This can be used for automatic
subscription of feeds, or reading other feeds."

Pegasus Mail POP3 Response Remote Buffer Overflow Vulnerability

http://www.securityfocus.com/bid/36797/info

"Pegasus Mail is prone to a remote buffer-overflow vulnerability because
it fails to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary code in the
context of the vulnerable application. Failed exploit attempts will
likely result in a denial-of-service condition.

Pegasus Mail 4.51 is vulnerable; other versions may also be affected."

Multiple vulnerabilities in Opera allow for remote code execution and URL obfuscation

http://blogs.zdnet.com/security/?p=4775

"Specially crafted domain names can cause a memory corruption in Opera,
which may lead to a crash. Successful exploitation can lead to execution
of arbitrary code."

"Opera may allow scripts to run on the feed subscription page, thereby
gaining access to the feeds object. This can be used for automatic
subscription of feeds, or reading other feeds."

Drupal - SA-CONTRIB-2009-085 - Insert Node - Cross Site Scripting

http://drupal.org/node/617400

"Description

The Insert Node module provides an input filter that enables a node to
be inserted within the body field of another node.

The module fails to sanitize the inserted node, making it vulnerable to
a cross site scripting (XSS) attack.
Versions affected

* Insert Node module versions for Drupal 5.x prior to Insert Node
5.x-1.2

Pages