124 matches found
[ MDVSA-2013:287 ] drupal
Mandriva Linux Security Advisory MDVSA-2013:287 http://www.mandriva.com/en/support/security/ Package: drupal Date: November 26, 2013 Affected: Business Server 1.0 Problem Description: Multiple security issues were identified and fixed in drupal: Drup...
FreeBSD : drupal -- multiple vulnerabilities (d9649816-5e0d-11e3-8d23-3c970e169bc2)
Drupal Security Team reports: Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. - Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 - Multiple vulnerabilities due to weakness in pseudorandom numb...
Mandriva Linux Security Advisory : drupal (MDVSA-2013:287-1)
Multiple security issues were identified and fixed in drupal: Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high...
drupal -- multiple vulnerabilities
Drupal Security Team reports: Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 Multiple vulnerabilities due to weakness in pseudorandom number...
SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 Drupal's form API has built-in cross-site request forgery (CSRF) validation, and also allows any...
CVE-2013-0246
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors...
CVE-2013-0246
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors...
Design/Logic Flaw
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors...
CVE-2013-0246
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors...
CVE-2013-0246
The CVE-2013-0246 issue affects Drupal core 7.x prior to 7.19. In the Image module, when a private file system is used, derivative images are not properly protected, allowing remote attackers to read derivative images of restricted images via unspecified vectors. Impact is unauthorized access to ...
CVE-2013-0246
Removed by vendor...
CVE-2013-0316
The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests...
Code injection
The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests...
CVE-2013-0316
The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests...
CVE-2013-0316
The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests...
CVE-2013-0316
CVE-2013-0316: Drupal 7.x before 7.20 is affected via the Image module, where on-demand generation of image derivatives can be abused by requesting a large number of derivatives, causing high CPU load and disk space consumption leading to potential DoS. The root cause is the derivative-generatio...
CVE-2013-0316
Removed by vendor...
SA-CORE-2013-002 - Drupal core - Denial of service
Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effects may lead to the site becomi...
drupal7 -- Denial of service
Drupal Security Team reports: Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effec...
Drupal 6.x < 6.28 / 7.x < 7.19 Multiple Vulnerabilities
The remote web server is running a version of Drupal that is 6.x prior to 6.28 or 7.x prior to 7.19. It is, therefore, potentially affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists due to improperly sanitized user-supplied input to certain Drupal JavaScript...