In association with heise online

« previous | next »
24 October 2008, 11:42

Holes in Drupal CMS closed

Drupal's developers have released versions 6.6 and 5.12 of the Drupal CMS which address a number of vulnerabilities. Among them is a hole which allows attackers to inject and execute scripts and elevate their system access rights this way. The hole can only be exploited on web servers that incorporate a number of virtual host presences.

The developers also removed a Cross Site Scripting hole in the handling of the title in book pages. Users are strongly advised to install the update. Another advisory describes a Cross Site Scripting hole in a language localisation module. An updated module fixes this hole.

See also:

(djwm)

Add your comment

« previous | next »
Print Version | Send by email | Permalink: http://h-online.com/-737771

Also on The H:

  • Share this article
  • Twitter
  • Facebook
  • digg this
  • submit to slashdot
  • post to delicious
  • StumbleUpon
  • submit to reddit
The H Open Headlines

Price Insight Top 10 powered by Skinflint

  1. Samsung SSD 830 Series 128GB
  2. Samsung SSD 830 Series 256GB
  3. Samsung SSD 830 Series Desktop Upgrade Kit 256GB
  4. Intel Core i5-3570K
  5. Samsung Galaxy S3 i9300 16GB blau
  6. Crucial m4 SSD 128GB
  7. Gigabyte GeForce GTX 670 OC
  8. Palit GeForce GTX 670
  9. Diablo 3 (deutsch)
  10. Samsung Galaxy Nexus i9250 16GB silber

The H

The H open source

The H Security

The H Internet Toolkit