Drupal versions 4.6.0 through 4.6.3 suffer from an authentication bypass flaw when using PHP5.
7a3173d83565d75a35fe66ad58972f59aa52440ff343ed08cf689d5678f0cbb5
Drupal versions 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 suffer a script injection flaw via attached files.
35ec66097d4c6335e28d0d8461f7643c24bda8158fd7cf7483a3784f08d8f0d4
Drupal versions 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 suffer from cross site scripting flaws due to various quirks in interpretation of non-sensical attribute values.
38da2e32558d5e0702a8afa7f1fe5a808d08bed9886b36688f6b45d007ac9ff7