Lourens Veen

#22241de 53,635
10.1CVSS total
Vulnerabilidades · 2
Baixa
1
Alta
1
PT-2006-3749
7.5
2006-06-06
Apache · Apache · CVE-2006-2831
**Name of the Vulnerable Software and Affected Versions** Drupal versions 4.6.x through 4.6.7 Drupal versions 4.7.x through 4.7.1 **Description** The issue allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, under certain Apache configurations, such as when FileInfo overrides are disabled within .htaccess. **Recommendations** For Drupal versions 4.6.x through 4.6.7, update to version 4.6.8 or later. For Drupal versions 4.7.x through 4.7.1, update to version 4.7.2 or later.
PT-2006-3750
2.6
2006-06-06
Drupal · Drupal · CVE-2006-2832
**Name of the Vulnerable Software and Affected Versions** Drupal versions 4.6.x before 4.6.8 Drupal versions 4.7.x before 4.7.2 **Description** A cross-site scripting (XSS) issue exists in the upload module, allowing remote attackers to inject arbitrary web script or HTML via the uploaded filename. **Recommendations** For versions 4.6.x, update to version 4.6.8 or later. For versions 4.7.x, update to version 4.7.2 or later.