Code-Authors Welcome Guest | Login or Register

TITLE:
Drupal Database Administration Module Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA24848

VERIFY ADVISORY:
http://secunia.com/advisories/24848/

CRITICAL:
Less critical

IMPACT:
Hijacking, Cross Site Scripting

WHERE:
From remote

SOFTWARE:
Drupal Database Admistration (dba) Module 4.x
http://secunia.com/product/13916/

DESCRIPTION:
Some vulnerabilities have been reported in Database Administration
(dba) module, which can be exploited by malicious people to conduct
cross-site scripting and request forgery attacks.

1) The dba module does not properly sanitise the result of various
database queries before returning them to the user. This can be
exploited to execute arbitrary HTML and script code in a user’s browser
session in context of an affected site.

2) The dba module does not make proper use of the Drupal Form API, which
can be exploited to perform certain actions via HTTP requests.

This is related to SA22486.

The vulnerabilities are reported in all versions of the 4.7.x-1.* branch
prior to 4.7.x-1.2 and all versions of the 4.6.x-* branch.

SOLUTION:
Update to 4.7.x.-1.2.
http://drupal.org/node/135552

PROVIDED AND/OR DISCOVERED BY:
1) Derek Wright, Drupal Security Team
2) Heine Deelstra, Drupal Security Team

ORIGINAL ADVISORY:
http://drupal.org/node/135549

OTHER REFERENCES:
SA22486:
http://secunia.com/advisories/22486/

TITLE:
PunBB “referer” and Category Name Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA24843

VERIFY ADVISORY:
http://secunia.com/advisories/24843/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
PunBB 1.x
http://secunia.com/product/3700/

DESCRIPTION:
Some vulnerabilities have been reported in PunBB, which can be exploited
by malicious people to conduct cross-site scripting attacks.

1) Input passed to the “referer” HTTP header is not properly sanitised
before being used. This can be exploited to execute arbitrary HTML and
script code in a user’s browser session in context of an affected site.

2) The admin panel does not correctly filter the names of categories
when deleting them. This can be exploited to execute arbitrary HTML and
script code in an administrator’s browser session in context of an
affected site.

Successful exploitation requires administrator privileges.

NOTE: This could further be exploited to execute arbitrary PHP code by
combining it with a file inclusion vulnerability in footer.php.

The vendor also reports several path disclosures and an “e-mail reset
annoyance”. The vulnerabilities are reported in versions prior to
1.2.15.

SOLUTION:
Update to version 1.2.15.

PROVIDED AND/OR DISCOVERED BY:
DarkFig. The vendor also credits Gary13579.

ORIGINAL ADVISORY: http://forums.punbb.org/viewtopic.php?id=15499

http://www.acid-root.new.fr/advisories/13070411.txt