vulnerabilities | Develop Site
Lightbox2 - Multiple Vulnerabilities
* Advisory ID: DRUPAL-SA-CONTRIB-2010-095
* Project: Lightbox2 (third-party module)
* Version: 5.x, 6.x
* Date: 2010-September-22
* Security risk: Highly Critical
* Exploitable from: Remote
* Vulnerability: Access Bypass, Cross-Site Scripting
-------- DESCRIPTION
---------------------------------------------------------
- Read more about Lightbox2 - Multiple Vulnerabilities
- Log in or register to post comments
SA-CONTRIB-2010-061 - AddonChat - Multiple Vulnerabilities
* Advisory ID: DRUPAL-SA-CONTRIB-2010-061
* Project: AddonChat (third-party module)
* Version: 6.x-1.x
* Date: 2010-May-26
* Security risk: Highly Critical
* Exploitable from: Remote
* Vulnerability: Multiple (Privilege Escalation, Cross-site scripting)
DESCRIPTION
The AddonChat module provides Drupal integration with the AddonChat Java chat
room.
Due to unsafe handling of the global $user object, failed authentication at
the custom addonchat_auth.php script will log in an attacker as the chosen
user.
- Read more about SA-CONTRIB-2010-061 - AddonChat - Multiple Vulnerabilities
- Log in or register to post comments