Kaltura module for Drupal contained an information disclosure vulnerability which I reported and resolved.
From the Drupal advisory, SA-CONTRIB-2010-078 –
The Kaltura module integrates the Kaltura open source video platform with Drupal. When installing, uninstalling, or configuring the module, it would surreptitiously inject a hidden iframe into the messages displayed to the administrator with the source pointing to corp.kaltura.com/stats/drupal. These requests were made without prior knowledge or authorization of site administrators. The iframe also included information such as the site’s Kaltura partner ID, registration ID, or registration error code. Because most browsers also include the referring site when dispalying an iframe, information such as the URL or IP address of the Drupal site could also have been obtained.