Drupal Cross-Site Scripting, Code Injection and Information Disclosure Vulnerabilities
|
Bugtraq ID:
|
35548
|
|
Class:
|
Input Validation Error
|
|
CVE:
|
CVE-2009-2370
CVE-2009-2371
CVE-2009-2372
CVE-2009-2373
CVE-2009-2374
|
|
Remote:
|
Yes
|
|
Local:
|
No
|
|
Published:
|
Jul 01 2009 12:00AM
|
|
Updated:
|
Nov 10 2009 10:36PM
|
|
Credit:
|
Mark Piper of Catalyst IT Ltd, Sven Herrmann, and Brandon Knight, Gerhard Killesreiter, and Sumit Datta
|
|
Vulnerable:
|
Red Hat Fedora 9
Red Hat Fedora 11
Red Hat Fedora 10
Drupal Drupal 6.9
Drupal Drupal 6.7
Drupal Drupal 6.6
Drupal Drupal 6.5
Drupal Drupal 6.4
Drupal Drupal 6.3
Drupal Drupal 6.2
Drupal Drupal 6.12
Drupal Drupal 6.11
Drupal Drupal 6.10
Drupal Drupal 6.1
Drupal Drupal 6.0
Drupal Drupal 5.9
Drupal Drupal 5.8
Drupal Drupal 5.7
Drupal Drupal 5.6
Drupal Drupal 5.5
Drupal Drupal 5.4
Drupal Drupal 5.3
Drupal Drupal 5.2
Drupal Drupal 5.18
Drupal Drupal 5.17
Drupal Drupal 5.16
Drupal Drupal 5.15
Drupal Drupal 5.13
Drupal Drupal 5.12
Drupal Drupal 5.11
Drupal Drupal 5.10
Drupal Drupal 5.1 revision 1.1
Drupal Drupal 5.1
Drupal Drupal 5.0
Drupal Advanced Forum 6.x-2.x-dev
Drupal Advanced Forum 6.x-1.x-dev
Drupal Advanced Forum 5.x-1.x-dev
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
|
|
|
|
Not Vulnerable:
|
Drupal Drupal 6.13
Drupal Drupal 5.19
Drupal Advanced Forum 6.x-1.1
Drupal Advanced Forum 5.x-1.1
|
|
