12 matches found
EUVD-2013-0220
Malware in sbrugna...
EUVD-2014-1476
Malware in sbrugna...
CVE-2015-6752
Cross-site scripting XSS vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified...
PT-2024-10484 · Drupal · Drupal Basic Http Authentication
Name of the Vulnerable Software and Affected Versions: Drupal Basic HTTP Authentication versions 7.X-1.0 through 7.X-1.3 Drupal Basic HTTP Authentication versions prior to 7.X-1.4 Description: The issue is related to insufficient authorization mechanisms in the Basic HTTP Authentication module of...
Design/Logic Flaw
The entityaccess API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors...
Drupal CMS Updater Module Cross-Site Scripting Vulnerability
Drupal is a free and open source content management system developed in PHP.CMS Updater module for Drupal is a module for Drupal that provides security protection for Drupal websites. A cross-site scripting vulnerability in the Drupal CMS Updater module 7.x-1.3 prior to version 7.x-1.x allows...
Authentication flaw
The RESTful module 7.x-1.x before 7.x-1.3 for Drupal does not properly cache pages of authenticated users when using non-cookie authentication providers, which allows remote attackers to obtain sensitive information via unspecified vectors...
Drupal Search API Autocomplete Module Cross-Site Scripting Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Search API Autocomplete is one of the modules used to add autocomplete functionality to search fields during searches and provide a list of suggestions. A cross-site scripting...
SA-CONTRIB-2015-030 - Amazon AWS - Access bypass
Amazon AWS module provides integration with Amazon Web Services AWS. A malicious user could potentially guess an access token and trigger the creation of new backups by making a request to a specially-crafted URL. If the number of stored backups was limited, an attacker could exceed the limit by...
Drupal Webform Template模块安全绕过漏洞
Drupal是一套开放源码的内容管理平台。 该漏洞是由于当显示可能的节点来复制网页表单的配置文件时,应用程序没有正确验证权限, 攻击者可以利用漏洞泄漏其他受限制接点的某些信息。 0 Drupal Webform Template Module 7.x Drupal Webform Template Module 7.x-1.3版本以修复此漏洞,建议用户下载使用: https://drupal.org/node/2216607...
Drupal Login安全模块安全绕过漏洞
Bugtraq ID:60683 Drupal是一个基于PHP语言编写的开发型CMF(内容管理框架),Drupal Login Security是一个用于Drupal的登录安全模块 Drupal Login Security模块在禁用'soft blocking'时存在安全漏洞,由于模块不正确使用字符串过滤,可导致模块忽略所有检查 0 Drupal Login Security 6.x-1.x Drupal Login Security 7.x-1.x 厂商解决方案 Drupal Login Security 6.x-1.3和7.x-1.3已经修复此漏洞,建议用户下载更新:...
CVE-2013-0182
The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments...