05 July 2006, 16:10

Drupal module open to spammers

An update for the optional Form_Mail module in the Drupal CMS is intended to prevent attackers from using the system as a platform for spam. According to the developers, the module does not filter out line feeds and carriage returns from email headers, so that it may even be possible to manipulate the headers of outgoing emails. The flaw has been remedied in version 4.6.0. According to the security announcement, the problem does not affect Drupal core. In earlier versions, however, the email header could also be manipulated by means of holes in the core.

Also on The H:

Drupal.org compromised
Spam hole in Google Mail
Security updates for Drupal modules
Holes in Drupal CMS closed
Drupal CMS closes security holes
Security hole in SquirrelMail

Channels

Services

Drupal module open to spammers

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit