SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities

Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Cross-site scripting Various core and contributed modules - Drupal 6 and 7 A reflected cross-site scripting vulnerability XSS was identified in certain Drupal JavaScript functions that pass unexpected user input in...

drupal -- multiple vulnerabilities

Drupal Security Team reports: Cross-site scripting Various core and contributed modules Access bypass Book module printer friendly version Access bypass Image module...

CVE-2012-1591

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles...

Code injection

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles...

CVE-2012-1591

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles...

CVE-2012-1591

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles...

CVE-2012-1591

Removed by vendor...

CVE-2012-1591

CVE-2012-1591 affects Drupal core 7.x prior to 7.14 (per NVD). The vulnerability arises in the image handling pipeline where derivative image styles are cached, and the system does not properly terminate the request or set headers, enabling access to private image derivatives by unauthorized user...

python: rgbimg: multiple security issues

Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12...

SA-CONTRIB-2010-113 - Image - Cross Site Scripting

The Image module project contains supplemental modules, one of which, Image gallery, allows users to create and maintain galleries of image nodes using taxonomy terms. The Image gallery module does not sanitize some user-supplied data before displaying it, leading to a Cross Site Scripting XSS...

CVE-2008-2773

Cross-site scripting XSS vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2008-2773

Cross-site scripting XSS vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2008-2773

CVE-2008-2773 is a cross-site scripting (XSS) vulnerability in the Drupal Taxonomy Image module, affecting 5.x before 5.x-1.3 and 6.x before 6.x-1.3. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The vulnerability description does not specify ex...

CVE-2008-2773

Cross-site scripting XSS vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

SA-2008-033 - Taxonomy Image - Cross site scripting

The contributed module Taxonomy Image allows the display of images associated with taxonomy terms. Several values are displayed without being escaped, which enables users to inject arbitrary HTML and script code on pages Cross Site Scripting. This may lead to administrator access. Versions affect...

Design/Logic Flaw

Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors...

CVE-2008-0823

Technical details are not publicly provided in the supplied documents for CVE-2008-0823; monitor for updates.

CVE-2008-0823

Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors...

SA-2008-017 - Header image - Access bypass

The Header image module allows sites to display an image on selected pages based on the node id, path, taxonomy, node type, containing book or the result of PHP code. The module contains a vulnerability where access to the module's administration pages is granted to any user, including the...

CVE-2006-1606

Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows "directory disclosure" with unknown attack vectors...