vulnerabilities | Develop Site

Lightbox2 - Multiple Vulnerabilities

* Advisory ID: DRUPAL-SA-CONTRIB-2010-095
* Project: Lightbox2 (third-party module)
* Version: 5.x, 6.x
* Date: 2010-September-22
* Security risk: Highly Critical
* Exploitable from: Remote
* Vulnerability: Access Bypass, Cross-Site Scripting

-------- DESCRIPTION
---------------------------------------------------------

Language English

SEO [en:field:taxonomy_vocabulary_4:book:label]:

vulnerabilities

Tags [en:field:taxonomy_vocabulary_3:book:label]:

Lightbox2

Taxonomy upgrade extras [en:field:taxonomyextra:book:label]:

Newsletter

Read more about Lightbox2 - Multiple Vulnerabilities
Log in or register to post comments

SA-CONTRIB-2010-061 - AddonChat - Multiple Vulnerabilities

* Advisory ID: DRUPAL-SA-CONTRIB-2010-061
* Project: AddonChat (third-party module)
* Version: 6.x-1.x
* Date: 2010-May-26
* Security risk: Highly Critical
* Exploitable from: Remote
* Vulnerability: Multiple (Privilege Escalation, Cross-site scripting)

DESCRIPTION

The AddonChat module provides Drupal integration with the AddonChat Java chat
room.

Due to unsafe handling of the global $user object, failed authentication at
the custom addonchat_auth.php script will log in an attacker as the chosen
user.

Language English

Newsletter [en:field:taxonomy_vocabulary_2:story:label]:

Newsletter

SEO [en:field:taxonomy_vocabulary_4:story:label]:

vulnerabilities

Tags [en:field:taxonomy_vocabulary_3:story:label]:

security