Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via (1) a long workgroup (-W) option to mount_smbfs or (2) an unspecified manipulation of the command line to smbutil. (CVSS:6.6) (Last Update:2008-09-05)
The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112. (CVSS:7.8) (Last Update:2011-07-18)
- Advisory ID: DRUPAL-SA-2007-031
- Project: Drupal core
- Version: 4.7.x, 5.x
- Date: 2007-December-05
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: SQL Injection
The function taxonomy_select_nodes() directly injects variables into SQL queries instead of using placeholders. While taxonomy module itself validates the input passed to taxonomy_select_nodes(), this is a weakness in Drupal core. Several contributed modules, such as taxonomy_menu, ajaxLoader, and ubrowser, directly pass user input to taxonomy_select_nodes(), enabling SQL injection attacks by anonymous users.
To learn more about SQL injection, please read this article.
- Drupal 4.7.x before Drupal 4.7.9
- Drupal 5.x before Drupal 5.4
Install the latest version:
- If you are running Drupal 4.7.x then upgrade to Drupal 4.7.9.
- If you are running Drupal 5.x then upgrade to Drupal 5.4.
If you are unable to upgrade immediately, you can apply a patch to secure your installation until you are able to do a proper upgrade.
- Nadid Skywalker
- Ivan Sergio Borgonovo
The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.
Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a “malformed POSIX character class”, as demonstrated via an invalid character after a [[ sequence. (CVSS:4.3) (Last Update:2010-08-21)