| |||||||||||||
| Test ID: | 1.3.6.1.4.1.25623.1.0.60022 |
| Category: | FreeBSD Local Security Checks |
| Title: | FreeBSD Ports: drupal5 |
| Summary: | FreeBSD Ports: drupal5 |
| Description: | The remote host is missing an update to the system as announced in the referenced advisory. The following packages are affected: drupal5 drupal4 CVE-2007-6299 Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules. Solution: Update your system with the appropriate patches or software upgrades. http://drupal.org/node/198162 http://secunia.com/advisories/27932/ http://www.vuxml.org/freebsd/fa708908-a8c7-11dc-b41d-000fb5066b20.html |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-6299 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00190.html https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00258.html BugTraq ID: 26735 http://www.securityfocus.com/bid/26735 http://secunia.com/advisories/27932 http://secunia.com/advisories/27951 http://secunia.com/advisories/27973 XForce ISS Database: drupal-taxonomy-sql-injection(38884) http://xforce.iss.net/xforce/xfdb/38884 XForce ISS Database: vbdrupal-taxonomy-sql-injection(38886) http://xforce.iss.net/xforce/xfdb/38886 |
| Copyright | Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com |
| This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |
|
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois
© 1998-2013 E-Soft Inc. All rights reserved.