Yes, and those are just the known issues. Run SQL injection tools and tests and see where one gets? There really are a great many problems and potential issues (due to failure to install correctly) and PHP/MySQL web system.

On Mon, Jul 6, 2009 at 1:22 PM, Stephen wrote:
> I think this is for all the others of us running Drupal as much as for
> the PLUG Drupal
>
> but both bits of info were great.
>
> On Mon, Jul 6, 2009 at 1:20 PM, Lisa Kachold wrote:
> > We don't run forums on the PLUG site, Ryan.
> >
> > There are a great many exploits in all manner of Drupal 4,5,6 modules and we
> > fairly well know them for the PLUG site.
> >
> > On Mon, Jul 6, 2009 at 10:43 AM, Ryan Rix wrote:
> >> Multiple issues, time for an update, all you Drupal users!
> >>
> >> Cross-site scripting
> >>
> >> The Forum module does not correctly handle certain arguments obtained from
> >> the URL. By enticing a suitably privileged user to visit a specially crafted
> >> URL, a malicious user is able to insert arbitrary HTML and script code into
> >> forum pages. Such a cross-site scripting attack may lead to the malicious user
> >> gaining administrative access. Wikipedia has more information about
> >> cross-site scripting (XSS).
> >>
> >> This issue affects Drupal 6.x only
> >>
> >> http://drupal.org/node/507572
> >>
> >> Ryan
> >> ---------------------------------------------------
> >> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> >> To subscribe, unsubscribe, or to change your mail settings:
> >> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> > --
> > (623)239-3392 Skype: obn0sis
> > (503)754-4452 www.obnosis.com
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen

--
(623)239-3392 Skype: obn0sis
(503)754-4452 www.obnosis.com