Yes, and those are just the known issues.<br><br>Run sql injection tools and tests and see where one gets?<br><br>There really are a great many problems and potential issues (due to failure to install correctly) and php/mysql web system.<br>
<br><div class="gmail_quote">On Mon, Jul 6, 2009 at 1:22 PM, Stephen <span dir="ltr">&lt;<a href="mailto:cryptworks@gmail.com">cryptworks@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
i think this is for all the others of us running drupal as much as for<br>
the plug drupal<br>
<br>
but both bits of info was great.<br>
<div><div></div><div class="h5"><br>
On Mon, Jul 6, 2009 at 1:20 PM, Lisa Kachold&lt;<a href="mailto:lisakachold@obnosis.com">lisakachold@obnosis.com</a>&gt; wrote:<br>
&gt; WE don&#39;t run forums on the PLUG site Ryan.<br>
&gt;<br>
&gt; There are a great many exploits in all manner of Drupal 4,5,6 modules and we<br>
&gt; fairly well know them for the PLUG site.<br>
&gt;<br>
&gt;<br>
&gt; On Mon, Jul 6, 2009 at 10:43 AM, Ryan Rix &lt;<a href="mailto:phrkonaleash@gmail.com">phrkonaleash@gmail.com</a>&gt; wrote:<br>
&gt;&gt;<br>
&gt;&gt; Multiple issues, time for an update, all you Drupal users!<br>
&gt;&gt;<br>
&gt;&gt; Cross-site scripting<br>
&gt;&gt;<br>
&gt;&gt; The Forum module does not correctly handle certain arguments obtained from<br>
&gt;&gt; the<br>
&gt;&gt; URL. By enticing a suitably privileged user to visit a specially crafted<br>
&gt;&gt; URL,<br>
&gt;&gt; a malicious user is able to insert arbitrary HTML and script code into<br>
&gt;&gt; forum<br>
&gt;&gt; pages. Such a cross-site scripting attack may lead to the malicious user<br>
&gt;&gt; gaining administrative access. Wikipedia has more information about<br>
&gt;&gt; cross-site<br>
&gt;&gt; scripting (XSS).<br>
&gt;&gt;<br>
&gt;&gt; This issue affects Drupal 6.x only<br>
&gt;&gt;<br>
&gt;&gt; <a href="http://drupal.org/node/507572" target="_blank">http://drupal.org/node/507572</a><br>
&gt;&gt;<br>
&gt;&gt; Ryan<br>
&gt;&gt; ---------------------------------------------------<br>
&gt;&gt; PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.plug.phoenix.az.us">PLUG-discuss@lists.plug.phoenix.az.us</a><br>
&gt;&gt; To subscribe, unsubscribe, or to change your mail settings:<br>
&gt;&gt; <a href="http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss" target="_blank">http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss</a><br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; --<br>
&gt; (623)239-3392 Skype: obn0sis<br>
&gt; (503)754-4452 <a href="http://www.obnosis.com" target="_blank">www.obnosis.com</a><br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; ---------------------------------------------------<br>
&gt; PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.plug.phoenix.az.us">PLUG-discuss@lists.plug.phoenix.az.us</a><br>
&gt; To subscribe, unsubscribe, or to change your mail settings:<br>
&gt; <a href="http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss" target="_blank">http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss</a><br>
&gt;<br>
<br>
<br>
<br>
--<br>
</div></div>A mouse trap, placed on top of your alarm clock, will prevent you from<br>
rolling over and going back to sleep after you hit the snooze button.<br>
<font color="#888888"><br>
Stephen<br>
</font><div><div></div><div class="h5">---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.plug.phoenix.az.us">PLUG-discuss@lists.plug.phoenix.az.us</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss" target="_blank">http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>(623)239-3392 Skype: obn0sis<br>(503)754-4452 <a href="http://www.obnosis.com">www.obnosis.com</a><br><br><br><br><br><br>