CVE-2007-3876

Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via (1) a long workgroup (-W) option to mount_smbfs or (2) an unspecified manipulation of the command line to smbutil. (CVSS:6.6) (Last Update:2008-09-05)

CVE-2007-6276

The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112. (CVSS:7.8) (Last Update:2011-07-18)

SA-2007-031 – Drupal core – SQL Injection possible when certain contributed modules are enabled

  • Advisory ID: DRUPAL-SA-2007-031
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-December-05
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: SQL Injection

Description

The function taxonomy_select_nodes() directly injects variables into SQL queries instead of using placeholders. While taxonomy module itself validates the input passed to taxonomy_select_nodes(), this is a weakness in Drupal core. Several contributed modules, such as taxonomy_menu, ajaxLoader, and ubrowser, directly pass user input to taxonomy_select_nodes(), enabling SQL injection attacks by anonymous users.

To learn more about SQL injection, please read this article.

Versions affected

  • Drupal 4.7.x before Drupal 4.7.9
  • Drupal 5.x before Drupal 5.4

Solution

Install the latest version:

  • If you are running Drupal 4.7.x then upgrade to Drupal 4.7.9.
  • If you are running Drupal 5.x then upgrade to Drupal 5.4.

If you are unable to upgrade immediately, you can apply a patch to secure your installation until you are able to do a proper upgrade.

Reported by

  • Nadid Skywalker
  • Ivan Sergio Borgonovo

Contact

The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.

Drupal version: 

CVE-2006-7225

Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a “malformed POSIX character class”, as demonstrated via an invalid character after a [[ sequence. (CVSS:4.3) (Last Update:2010-08-21)