NewsHow many vulnerabilities do you think exist on the web? Hundreds or Thousands? Your guess is as good as mine, although there are more than likely thousands of vulnerabilities all over the place. It does not have to be as terrifying as it sounds. If you do the required things and make use of the relevant patches, fixes as well as updates then your chances of being safe are much higher. It is also a good idea to be consciously aware of the new vulnerabilities out there, that way you will have a head start in protecting your machine. For now, I would like to inform you about a vulnerability that has recently been confirmed in the calendar module of Drupal. If you are wondering what Drupal is, you need not wonder anymore. Drupal is a management platform that contains many features for its' users. If you are also wondering how much Drupal costs, you don't need to wonder anymore because Drupal is open source and therefore won't cost you a cent. Drupal is compatible with the majority of operating systems with the inclusion of the Windows Millennium Edition. Some of the files of Windows Millennium Edition may include: annui.exe, apcompat.inf, baseball.dll as well as baseball.scr. The vulnerability that has surfaced is due to input which is passed and not adequately modified prior to actually being used. This vulnerability runs the risk of being exploited in order to insert arbitrary script as well as HTML code. This occurs within the context of a site which is affected when the tampered with data is being viewed. A malicious online attacker could perform cross site scripting attacks if this vulnerability is exploited. An attacker would require certain privileges in order to create new content. This may be done from the data modules date tools sub module. The biggest risk with regard to these Drupal errors is that you are at risk of being a victim of a cross site scripting attack which is not something you want to play with. Rather cross your name off from becoming a cross site scripting attack victim. This vulnerability h |
as been confirmed in the Drupal version 6.x-2.1. It may be useful for users to know that the risks of other versions also being affected are high. This vulnerability has been rated as less critical but this does not mean that Drupal users should just ignore it. What is the solution to this vulnerability? The solution to this vulnerability if for all Drupal users to update to the latest version. I would thus like to quote in conclusion:"The mantra of any good security engineer is: 'Security is a not a product, but a process.' It's more than designing strong cryptography into a system; it's designing the entire system such that all security measures, including cryptography, work together". - Bruce Schneier
Software Downloads
User Comments
Quote:
"This vulnerability runs the risk of being exploited in order to insert arbitrary script as well as HTML code."
Seriously - stop smoking that - it's screwing up your ability to construct sentences.