A number of issues exist in the content management system Drupal that could lead to code execution and the theft of database credentials via a man-in-the-middle attack, a researcher warns. The vulnerabilities lie in the way Drupal processes updates, according to Fernando Arnaboldi, senior security consultant with IOActive. Arnaboldi wrote a blog entry describing three...