Vimeo: CSRF bypass
Dear Team, Once again I'm here. During research of vimeo.com I found that you are using an anti-CSRF token against CSRF attack, but it's not going to validate on server side. Let's see. Step 1: Go to https://vimeo.com/forgotpassword Step 2: Write your email and click on help me. Step 3: Now before...
CVE-2013-6385
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via...
Input validation
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via...
CVE-2013-6385
CVE-2013-6385 affects Drupal 6.x before 6.29 and 7.x before 7.24. The Form API may perform validation even when CSRF validation has failed, when used with unspecified third‑party modules, potentially enabling remote attackers to trigger application‑specific impacts such as arbitrary code executio...
CVE-2013-6385
Removed by vendor...
Mandriva Linux Security Advisory : drupal (MDVSA-2013:287-1)
Multiple security issues were identified and fixed in drupal: Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high...