Vulnerabilities > CVE-2006-2832 - Unspecified vulnerability in Drupal
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN drupal
nessus
Summary
Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 11 |
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DSA-1125.NASL |
| description | The Drupal update in DSA 1125 contained a regression. This update corrects this flaw. For completeness, the original advisory text below : Several remote vulnerabilities have been discovered in the Drupal website platform, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-2742 A SQL injection vulnerability has been discovered in the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 22667 |
| published | 2006-10-14 |
| reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/22667 |
| title | Debian DSA-1125-2 : drupal - several vulnerabilities |
References
- http://drupal.org/node/66763
- http://drupal.org/files/sa-2006-007/advisory.txt
- http://www.securityfocus.com/bid/18245
- http://www.debian.org/security/2006/dsa-1125
- http://secunia.com/advisories/21244
- http://securityreason.com/securityalert/1042
- http://www.securityfocus.com/archive/1/435792/100/0/threaded