Submitted by securityadmin on
http://www.securityfocus.com/bid/36860
"Drupal LDAP Integration is prone to a cross-site scripting
vulnerability and multiple authentication-bypass vulnerabilities.
Exploiting these issues could allow an attacker to steal cookie-based
authentication credentials, execute arbitrary code, and gain
unauthorized access to the affected application. "
This affects Drupal LDAP Integration 6.x-1.0-beta1, Drupal LDAP
Integration 5.x-1.4.
This does not affect Drupal LDAP Integration 6.x-1.0-beta2, Drupal LDAP
Integration 5.x-1.5.
It is recommended that users update to a non-vulnerable version of Drupal.
Thanks,
ep