Lucene search
+L

178 matches found

Friends Of PHP
Friends Of PHP
added 2020/05/20 1:37 p.m.8 views

Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003

More info at https://www.drupal.org/sa-core-2020-003...

7.2AI score
Exploits0Affected Software1
Drupal
Drupal
added 2020/02/05 12:0 a.m.18 views

Views Bulk Operations (VBO) - Moderately critical - Access bypass - SA-CONTRIB-2020-003

Views Bulk Operations provides enhancements to running bulk actions on views. The module contains an access bypass vulnerability that might allow users to execute views actions that they should not have access to. This vulnerability is mitigated by the fact that it only occurs in the case of...

6.9AI score
Exploits0References7
The Hacker News
The Hacker News
added 2019/12/19 2:42 p.m.7 views

Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw

If you haven't recently updated your Drupal-based blog or business website to the latest available versions, it's the time. Drupal development team yesterday released important security updates for its widely used open-source content management software that addresses a critical and three...

6AI score
Exploits0
Drupal
Drupal
added 2019/10/02 12:0 a.m.14 views

Localization update - Moderately critical - Insecure server configuration - SA-CONTRIB-2019-072

This module enables you to automatically download and update the site's interface translation by fetching them from localize.drupal.org or any other Localization server. The module doesn't sufficiently protect the directory it stores translation files in. It's conventional for directories which m...

6.6AI score
Exploits0References8
Drupal
Drupal
added 2019/08/14 12:0 a.m.5 views

External Links Filter - Moderately critical - Open Redirect Vulnerability - SA-CONTRIB-2019-063

The External Link Filter module provides an input filter that replaces external links by a local link that redirects to the target URL. The module did not have protection for the Redirect URL to go where content authors intended...

5.6AI score
Exploits0References8
FreeBSD
FreeBSD
added 2019/05/08 12:0 a.m.36 views

drupal -- Drupal core - Moderately critical

Drupal Security Team reports: CVE-2019-11831: By-passing protection of Phar Stream Wrapper Interceptor. In order to intercept file invocations like fileexists or stat on compromised Phar archives the base name has to be determined and checked before allowing to be handled by PHP Phar stream...

9.8CVSS0.7AI score0.05586EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/01/15 8:0 p.m.34 views

CVE-2017-6924 REST API can bypass comment approval - Access Bypass - Moderately Critical

In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services rest module enabled, the...

8.3AI score0.02102EPSS
Exploits0References3
Drupal
Drupal
added 2018/12/19 12:0 a.m.15 views

E-Sign - Moderately critical - Cross site scripting - SA-CONTRIB-2018-080

This module allows for integration of Signature Pad, an electronic-signing script, into Drupal for both nodes content, the Field API FAPI, and Webforms. The module doesn't sufficiently filter user input when displaying a signature. The vulnerability is mitigated by the fact that an attacker must...

6.4AI score
Exploits0References6
Drupal
Drupal
added 2018/10/10 12:0 a.m.15 views

NVP field - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-066

NVP field module allows you to create a field type of name/value pairs, with custom titles and easily editable rendering with customizable HTML/text surrounding the pairs. The module doesn't sufficiently handle sanitization of its field formatter's output. This vulnerability is mitigated by the...

6.4AI score
Exploits0References5
Drupal
Drupal
added 2018/09/26 12:0 a.m.6 views

Taxonomy File Tree - Moderately critical - Access bypass - SA-CONTRIB-2018-061

Taxonomy File Tree allows site managers to create file trees. For files managed as Drupal files, the module does not properly check that a user has access to a file before letting the user download the file. This vulnerability only affects sites that use private files...

5.3AI score
Exploits0References7
Drupal
Drupal
added 2018/09/19 12:0 a.m.16 views

Renderkit - Moderately critical - Access bypass - SA-CONTRIB-2018-060

This module, typically in combination with cfr:cfrplugin, allows to compose behaviors from granular components. One of such behaviors is to display a list of related entities, for a given source entity and a given entity relation e.g. an entity reference field. The components that display related...

6.4AI score
Exploits0References5
Drupal
Drupal
added 2018/08/29 12:0 a.m.21 views

Bing Autosuggest API - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-058

This module enables you to use the Bing Autosuggest API. The module doesn't sufficiently sanitize a value used to populate an API request...

6.6AI score
Exploits0References5
Drupal
Drupal
added 2018/07/25 12:0 a.m.9 views

Select (or other) - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-054

This module enables users to select 'other' on certain form elements and a textfield appears for the user to provide a custom value. The module doesn't sufficiently escape values of a text field the under the scenario when "Select or other" formatter is used. This vulnerability is mitigated by th...

6.5AI score
Exploits0References7
Drupal
Drupal
added 2018/07/11 12:0 a.m.14 views

litejazz - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-050

This theme features 3 color styles, 12 fully collapsible regions, suckerfish menus, fluid or fixed widths, easy configuration, and more. The theme doesn't sufficiently sanitize user input. This vulnerability is mitigated by the fact that the theme is only exploitable with non-default settings and...

6.7AI score
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2018/01/15 12:0 a.m.17 views

Fedora 27 : drupal7-views (2017-25114a9d7f)

7.x-3.18 - 7.x-3.17 - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...

5.5AI score
Exploits0References2
Drupal
Drupal
added 2017/12/06 12:0 a.m.17 views

Node feedback - Moderately critical - Access Bypass - SA-CONTRIB-2017-092

This module enables you to set nodes to send feedbacks by personal/site wide contact forms. The module doesn't sufficiently handle the access to nodes whose titles will be shown on contact forms. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Us...

6.4AI score
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2017/09/29 12:0 a.m.17 views

Fedora 25 : drupal7-views (2017-f27641a807)

7.x-3.18 - 7.x-3.17 - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...

5.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/08/21 12:0 a.m.39 views

FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (473b6a9e-8493-11e7-b24b-6cf0497db129)

Drupal Security Team : CVE-2017-6923: Views - Access Bypass - Moderately Critical CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critica CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...

9.8CVSS7.6AI score0.03017EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2017/08/16 12:0 a.m.31 views

drupal -- Drupal Core - Multiple Vulnerabilities

Drupal Security Team: CVE-2017-6923: Views - Access Bypass - Moderately Critical CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critica CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...

9.8CVSS3AI score0.03017EPSS
Exploits0
Drupal
Drupal
added 2017/06/28 12:0 a.m.16 views

SMTP - Moderately Critical - Information Disclosure - SA-CONTRIB-2017-055

This SMTP module enables you to send mail using a third party non-system mail service instead of the local system mailer included with Drupal. When this module is in debugging mode, it will log privileged information. CVE identifiers issued ACVE identifier will be requested, and added upon...

6.9AI score
Exploits0References17
Rows per page
Query Builder