146 matches found
CVE-2013-6385
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via...
CVE-2013-6385
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via...
Input validation
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via...
CVE-2013-6385
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via...
CVE-2013-6385
Removed by vendor...
CVE-2013-6385
CVE-2013-6385 affects Drupal 6.x before 6.29 and 7.x before 7.24. The Form API may perform validation even when CSRF validation has failed, when used with unspecified third‑party modules, potentially enabling remote attackers to trigger application‑specific impacts such as arbitrary code executio...
FreeBSD : drupal -- multiple vulnerabilities (d9649816-5e0d-11e3-8d23-3c970e169bc2)
Drupal Security Team reports: Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. - Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 - Multiple vulnerabilities due to weakness in pseudorandom numb...
Drupal 7.x < 7.24 Multiple Vulnerabilities
The remote web server is running a version of Drupal that is 7.x prior to 7.24. It is, therefore, potentially affected by multiple vulnerabilities: - An error exists related to the HTML form API and validation callbacks as used by third-party modules that could allow an attacker to bypass the...
drupal -- multiple vulnerabilities
Drupal Security Team reports: Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 Multiple vulnerabilities due to weakness in pseudorandom number...
CVE-2013-5937
Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete database information via vectors involving the Drupal Form API...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete database information via vectors involving the Drupal Form API...
CVE-2013-5937
CVE-2013-5937 affects the Drupal Click2Sell Suite module (6.x-1.x). The CSRF vulnerability allows remote attackers to hijack administrator authentication for requests that delete database information via Drupal Form API vectors. Affected component is the Click2Sell Suite module; root cause is imp...
CVE-2013-5937
Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete database information via vectors involving the Drupal Form API...
Mandriva Linux Security Advisory : drupal (MDVSA-2013:074)
Updated drupal packages fix security vulnerabilities: Drupal core's text filtering system provides several features including removing inappropriate HTML tags and automatically linking content that appears to be a link. A pattern in Drupal's text matching was found to be inefficient with certain...
CVE-2012-1589
Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL...
Open redirect
Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL...
CVE-2012-1589
Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL...
CVE-2012-1589
Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL...
CVE-2012-1589
Drupal 7.x Form API contains an open redirect vulnerability (CVE-2012-1589) in which the redirect destination URL is not validated. This can allow remote attackers to redirect users to arbitrary sites, enabling phishing. Affected software: Drupal core 7.x prior to 7.13. Remediation: upgrade Drupa...
CVE-2012-1589
Removed by vendor...