16 matches found
CVE-2026-6816 TFA Basic Plugins - Access Bypass
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...
EUVD-2013-1918
Malware in sbrugna...
PT-2024-10098 · Drupal · Node Access Rebuild Progressive
Name of the Vulnerable Software and Affected Versions: Node Access Rebuild Progressive versions 7.X-1.0 through 7.X-1.2. Description: The issue is related to improper ownership management in Node Access Rebuild Progressive, allowing target influence via framing. This can be exploited by a remote...
Drupal Page Manager Search Module Information Disclosure Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Page Manager Search is one of the modules that provides page search capabilities through the Drupal core search module. An information disclosure vulnerability exists in versions 7.x-1....
Drupal Node Embed Module Remote Denial of Service Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Node Embed is one of the node modules used to integrate CKEditor's input filters into the content editor and embed them within the body of the article. A remote denial of service...
Login Disable - Access Bypass - Moderately Critical - SA-CONTRIB-2015-162
This module enables you to prevent existing users from logging in to your Drupal site unless they know the secret key to add to the end of the ?q=user login form page. The Login Disable module doesn't support other contributed user authentication modules like CAS or URL Login. When combined with...
Apache Solr Real-Time - Critical - Access Bypass - SA-CONTRIB-2015-119
This module allows content-changes to be committed to Apache Solr in real-time. The module doesn't check the status of an entity being indexed which means that unpublished content will get indexed by Solr and the title and partial content may be exposed to any user who has permission to search si...
SA-CONTRIB-2014-091 - Survey Builder - Cross Site Scripting (XSS)
This module allows you to use the Form Builder module to provide an intuitive interface for building surveys, along with the back-end for storing surveys and their responses. Cross Site Scripting (XSS): When viewing surveys at "/surveys", the survey titles printed out are not sanitized. Any...
Design/Logic Flaw
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher...
SA-CONTRIB-2014-066 - Node Access Keys - Access Bypass
Node Access Keys helps to grant users temporary view permissions to selected content types on a per user role basis. It was found that unpublished nodes of content types that did not have an access key were visible to all. Also, if an unpublished node of a content type that was protected by ...
SA-CONTRIB-2014-048 - Field API Pane Editor (FAPE) - Access bypass
This module adds a contextual menu to fields which are added to an entity display in Panels, allowing individual fields to be directly edited via a separate page or, if it is enabled, the Overlay module. The module doesn't sufficiently verify the user has access to modify the entity the field is...
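Drupal Xapian Module Security Bypass Vulnerability
Drupal is an open source content management platform. Because node access permissions are handled incorrectly when search results are displayed, an attacker can exploit the vulnerability to disclose otherwise restricted information. Drupal Xapian Module 6.x, Drupal Xapian Module 7.x. Drupal Xapian Module 6.x-2.2 or 7.x-1.2 fixes this vulnerability; users are advised to download it from: https://drupal.org/node/2221403...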
CVE-2012-4485
The CVE concerns the Drupal Gallery formatter module prior to 7.x-1.2, specifically the galleryformatter_field_formatter_view function in galleryformatter.tpl.php. The vulnerability arises from multiple XSS flaws that allow remote authenticated users with node/entity creation permissions to injec...
CVE-2012-1643
The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the "administer permissions" permission, which allows remote attackers to modify access permissions via unspecified vectors...
SA-CONTRIB-2012-115 - Gallery formatter - Cross Site Scripting (XSS)
Gallery formatter provides a field formatter for images that turns the fields into jQuery galleries. The module did not properly escape input from the user before printing it to the browser, allowing malicious users to inject script code into the page. This vulnerability is mitigated by the fact...
SA-CONTRIB-2012-094 - Maestro module - Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)
The Maestro module is a workflow engine/solution that facilitates simple and complex business process automation. The module doesn't sufficiently filter user-supplied data in its admin screens leading to a Cross Site Scripting (XSS) vulnerability. A Cross Site Request Forgery vulnerability in the...