LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

drupal: arbitrary file execution

Package(s):drupal CVE #(s):CVE-2006-2742 CVE-2006-2743 CVE-2006-2831 CVE-2006-2832 CVE-2006-2833
Created:July 27, 2006 Updated:August 2, 2006
Description: The Drupal web platform has a number of remotely exploitable vulnerabilities including:

An SQL injection vulnerability in the "count" and "from" variables of the database interface.

Incorrect file extension handling in an Apache/mod_mime environment.

A cross-site scripting vulnerability in the upload module.

A cross-site scripting vulnerability in the taxonomy module.

Alerts:
Debian DSA-1125-2 2006-07-27
Debian DSA-1125-1 2006-07-26
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds