Security updates

SourceForge.net Award winner

phpMyAdmin - Fri, 07/24/2009 - 03:18
Hi,
thanks to the Open Source community who awarded "Best Tool or Utility
for SysAdmins" to ... phpMyAdmin.
Categories: Security updates

SA-CONTRIB-2009-045: Moderation - Cross Site Request Forgery

Drupal contributed security feed - Wed, 07/22/2009 - 15:20
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-045
  • Project: Moderation (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-07-22
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site Request Forgery

SA-CONTRIB-2009-044 - Bubbletimer - Multiple vulnerabilities

Drupal contributed security feed - Wed, 07/22/2009 - 07:36
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-044
  • Project: Bubbletimer (third-party module)
  • Version: 6.x
  • Date: 2009-July-22
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

phpMyAdmin 3.2.1-rc1 is released

phpMyAdmin - Mon, 07/20/2009 - 04:56
Welcome to the first release candidate for phpMyAdmin 3.2.1, a bugfix-only version.
Categories: Security updates

SA-CONTRIB-2009-043 - Image Assist - Multiple vulnerabilities

Drupal contributed security feed - Wed, 07/15/2009 - 17:48
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-043
  • Project: Image Assist (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-07-15
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting, Information disclosure

SA-CONTRIB-2009-042 - Submitted By - Cross Site Scripting

Drupal contributed security feed - Wed, 07/15/2009 - 14:26
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-042
  • Project: Submitted By (third-party module)
  • Version: 6.x
  • Date: 2009-July-15
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2009-041 - Nodequeue - Access bypass

Drupal contributed security feed - Wed, 07/08/2009 - 11:45
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-041
  • Project: Nodequeue (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-July-08
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2009-040 - Advanced Forum - Multiple vulnerabilities

Drupal contributed security feed - Wed, 07/01/2009 - 15:58
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-040
  • Project: Advanced Forum (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-July-1
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities

Drupal core security feed - Wed, 07/01/2009 - 15:56
  • Advisory ID: DRUPAL-SA-CORE-2009-007
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2009-July-1
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

phpMyAdmin 3.2.0.1 is released

phpMyAdmin - Tue, 06/30/2009 - 06:07
Welcome to the first security release for phpMyAdmin 3.2.0. Details will follow on http://phpmyadmin.net in the Security section (see PMASA-2009-5).
Categories: Security updates

SA-CONTRIB-2009-039 - Links Package - Cross Site Scripting

Drupal contributed security feed - Thu, 06/25/2009 - 10:46
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-039
  • Project: Links Package (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-June-25
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

phpMyAdmin is finalist!

phpMyAdmin - Mon, 06/22/2009 - 19:31
The 2009 SourceForge.net Community Choice Awards program has announced that phpMyAdmin is a finalist for "Best Tool or Utility for SysAdmins" and "Best Tool or Utility for Developers". This is great news but it's up to all users to vote for us (you have until July 20 but hey -- now is the perfect time to vote!).
Categories: Security updates

phpMyAdmin 3.2.0 is released

phpMyAdmin - Mon, 06/15/2009 - 10:49
Welcome to phpMyAdmin 3.2.0. This version contains a number of small new features and some bug fixes.
Categories: Security updates

SA-CONTRIB-2009-038 - Nodequeue - Multiple vulnerabilities

Drupal contributed security feed - Wed, 06/10/2009 - 17:15
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-038
  • Project: Nodequeue (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-June-10
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

SA-CONTRIB-2009-037 - Views - Multiple vulnerabilities

Drupal contributed security feed - Wed, 06/10/2009 - 16:59
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-037
  • Project: Views
  • Versions: 6.x-2.x
  • Date: 2009-June-10
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting (XSS), Access Bypass

SA-CONTRIB-2009-036 - Services - Impersonation

Drupal contributed security feed - Wed, 06/10/2009 - 16:07
  • Advisory ID: SA-CONTRIB-2009-036
  • Project: Services (third-party module)
  • Version: 6.x
  • Date: 2009 June 10
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Impersonation

SA-CONTRIB-2009-033 - Quiz - Cross site scripting

Drupal contributed security feed - Wed, 06/03/2009 - 15:34
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-033
  • Project: Quiz (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-June-03
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

Description

The Quiz module provides tools for authoring and administering quizzes through Drupal. A quiz is given as a series of questions, with only one question appearing per page. Scores are then stored in the database. The module does not properly escape user-supplied data on some pages, allowing malicious users to insert arbitrary HTML and script code into these pages. A user who has access to create quizzes or quiz questions could attempt a cross site scripting (XSS) attack which may lead to the user gaining full administrative access.

Versions affected
  • All versions of Quiz for Drupal 5.x
  • Quiz 6.x-2.x prior to 6.x-2.2
  • Quiz 6.x-3.x prior to 6.x-3.0

Drupal core is not affected. If you do not use the contributed Quiz module, there is nothing you need to do.

Solution

If you use Drupal 5.x, uninstall the Quiz module, which has been marked unmaintained for six months, or upgrade to Quiz for Drupal 6.x.

SA-CONTRIB-2009-032 - Webform - Cross-site scripting

Drupal contributed security feed - Wed, 06/03/2009 - 15:03
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-032
  • Project: Webform (third-party module)
  • Versions: 5.x, 6.x
  • Date: 2009-June-03
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting

phpMyAdmin 3.2.0-rc1 is released

phpMyAdmin - Sun, 05/31/2009 - 05:49
Welcome to the first release candidate for phpMyAdmin 3.2.0. This version contains a number of small new features and some bug fixes.
Categories: Security updates

SA-CONTRIB-2009-031 - Ajax Session - Multiple vulnerabilities

Drupal contributed security feed - Wed, 05/27/2009 - 12:20
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-031
  • Project: Ajax Session (third-party module)
  • Version: 5.x
  • Date: 2009 May 27
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities