4 matches found
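Drupal Xapian Module Security Bypass Vulnerability
Drupal is an open-source content management platform. Because node access permissions are handled incorrectly when search results are displayed, an attacker can exploit the vulnerability to disclose otherwise restricted information. Drupal Xapian Module 6.x; Drupal Xapian Module 7.x. Drupal Xapian Module 6.x-2.2 or 7.x-1.2 fixes this vulnerability; users are advised to download and use it: https://drupal.org/node/2221403...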
SA-CONTRIB-2012-075 - Take Control - Cross Site Request Forgery (CSRF)
CVE: CVE-2012-2341 This module enables you to manage your Drupal file-system from within Drupal itself. The module does not sufficiently validate Ajax calls, leading to the possibility of a Cross Site Request Forgery (CSRF) attack. This vulnerability is mitigated by the fact that the attacker must be ab...
SA-CONTRIB-2011-006 - Flag Page - Cross Site Scripting (XSS)
The contributed flag page module provides an additional flag type to allow you to flag pages so you can bookmark any URL on your site including views, panels, administration pages or site contact page. The module does not sanitize the flag titles when displayed in blocks, leading to a Cross-Site...
Fedora 10 : drupal-cck-6.x.2.2-1.fc10 (2009-2869)
Fixes DRUPAL-SA-CONTRIB-2009-013 - XSS issue: http://drupal.org/node/406520 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introduci...