Lucene search
+L

196 matches found

Drupal
Drupal
added 2013/11/06 12:0 a.m.24 views

SA-CONTRIB-2013-089 - Node Access Keys - Access Bypass

Node Access Keys helps to grant users temporary view permissions to selected content types on a per user role basis. However, it only implements hooknodeaccess and not hookqueryalter, which means any listing of nodes does not respect the node view access. CVE identifiers issued CVE-2013-4596...

5.8CVSS6.4AI score0.01218EPSS
Exploits0References9
CVE
CVE
added 2013/08/28 3:0 p.m.49 views

CVE-2013-2123

The CVE-2013-2123 issue affects the Drupal module Node access user reference (nodeaccess_userreference) for Drupal 6.x-3.x (before 6.x-3.5) and Drupal 7.x-3.x (before 7.x-3.10). The root cause is inadequate access restriction for content containing a user reference field when author update/delete...

5.8CVSS6.8AI score0.01309EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2013/07/16 6:55 p.m.13 views

Design/Logic Flaw

The Chaos Tool Suite ctools module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list...

3.5CVSS6.7AI score0.01772EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2013/07/16 6:0 p.m.17 views

CVE-2013-1925

The Chaos Tool Suite ctools module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list...

6.2AI score0.01772EPSS
Exploits0References6
CVE
CVE
added 2013/07/16 6:0 p.m.49 views

CVE-2013-1925

CVE-2013-1925 affects the Chaos Tool Suite (ctools) for Drupal, specifically 7.x-1.x prior to 7.x-1.3. The vulnerability arises because the module does not properly restrict node access when generating an autocomplete list of suggested node titles, potentially exposing restricted titles to remote...

3.5CVSS6.4AI score0.01772EPSS
Exploits0References6Affected Software1
seebug.org
seebug.org
added 2013/06/01 12:0 a.m.36 views

Drupal Node Access User Reference模块访问绕过漏洞

Bugtraq ID:60211 CVE ID:CVE-2013-2123 Drupal是一个基于PHP语言编写的开发型CMF(内容管理框架)。 Drupal Node Access User Reference模块允许对坐着,引用用户和非引用用户分配不同的访问权限。当作者创建包含用户引用字段的内容,并坐着用户账户不就被删除后,该作者创建的内容可被匿名用户编辑。 0 Drupal Node Access User Reference 6.x Drupal Node Access User Reference 7.x 厂商解决方案 Drupal Node Access User...

5.8CVSS6.7AI score0.01309EPSS
Exploits1
Drupal
Drupal
added 2013/05/29 12:0 a.m.29 views

SA-CONTRIB-2013-049 - Node access user reference - Access Bypass

This module allows different access permissions to be given to authors, referenced users and non-referenced users. When an author has created content containing a user reference field with author update/delete grants enabled and the author's user account is later deleted, content created by them...

5.8CVSS6.3AI score0.01309EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2013/04/20 12:0 a.m.44 views

Mandriva Linux Security Advisory : drupal (MDVSA-2013:074)

Updated drupal packages fix security vulnerabilities : Drupal core's text filtering system provides several features including removing inappropriate HTML tags and automatically linking content that appears to be a link. A pattern in Drupal's text matching was found to be inefficient with certain...

6CVSS5.7AI score0.03008EPSS
Exploits5References8
Drupal
Drupal
added 2013/04/03 12:0 a.m.16 views

SA-CONTRIB-2013-041 - Chaos tool suite (ctools) - Access bypass

This CTools module provides a set of APIs and tools to improve the developer experience. The module doesn't sufficiently enforce node access when providing an autocomplete list of suggested node titles, allowing users with the "access content" permission to see the titles of nodes which they shou...

3.5CVSS6.3AI score0.01772EPSS
Exploits0References12
Drupal
Drupal
added 2013/01/30 12:0 a.m.27 views

SA-CONTRIB-2013-011 - email2image - Access Bypass - Unsupported

This module creates images of user email addresses and email fields. The module doesn't sufficiently check node access restrictions when displaying such fields. This vulnerability is mitigated by the fact that it only impacts sites using node access. CVE identifiers issued CVE-2013-0257 Versions...

5CVSS6.5AI score0.01173EPSS
Exploits0References8
NVD
NVD
added 2012/10/31 4:55 p.m.18 views

CVE-2012-4491

The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by nodeaccess modules, which allows remote attackers to access restricted nodes via unspecified vectors...

5.8CVSS6.8AI score0.0118EPSS
Exploits0References4
NVD
NVD
added 2012/10/31 4:55 p.m.23 views

CVE-2012-4483

The commonsdiscussionviewsdefaultviews function in modules/features/commonsdiscussion/commonsdiscussion.viewsdefault.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensiti...

5CVSS6.2AI score0.01369EPSS
Exploits0References5
Prion
Prion
added 2012/10/31 4:55 p.m.16 views

Design/Logic Flaw

The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact...

3.5CVSS7AI score0.00992EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2012/10/31 4:0 p.m.47 views

CVE-2012-4500

The CVE-2012-4500 entry concerns Drupal’s Announcements module (6.x-1.x) prior to version 6.x-1.5. The vulnerability allows remote authenticated users who have the 'access announcements' permission to bypass node access restrictions, potentially leading to additional unspecified impact. Patch/fix...

3.5CVSS6.7AI score0.00992EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2012/10/31 4:0 p.m.23 views

CVE-2012-4491

The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by nodeaccess modules, which allows remote attackers to access restricted nodes via unspecified vectors...

6.8AI score0.0118EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2012/10/01 12:0 a.m.45 views

CVE-2012-2153

Removed by vendor...

4CVSS6.7AI score0.01881EPSS
Exploits0
CVE
CVE
added 2012/10/01 12:0 a.m.116 views

CVE-2012-2153

CVE-2012-2153 affects Drupal 7.x prior to 7.14. The issue is an improper restriction of access to nodes in a list when using a contributed node access module, allowing remote authenticated users with the “Access the content overview page” permission to read all published nodes via the admin/conte...

4CVSS6AI score0.01881EPSS
Exploits0References7Affected Software1
Drupal
Drupal
added 2012/08/01 12:0 a.m.11 views

SA-CONTRIB-2012-120 - Monthly Archive by Node Type - Access Bypass (unsupported)

This module generates a monthly archive and block for specified node types, as well as an archive and block for whichever collection of node types you specify. The module doesn't sufficiently ensure node access for sites that use a node access system. This vulnerability is mitigated by the fact...

7AI score
Exploits0References8
Drupal
Drupal
added 2012/07/25 12:0 a.m.13 views

SA-CONTRIB-2012-117 - Location - Access Bypass

The Location module allows real-world geographic locations to be associated with Drupal nodes, including people, places, and other content. The Location Search sub-module adds a search page for searching for locations. The Location Search module fails to enforce content and user access permission...

7AI score
Exploits0References10
Drupal
Drupal
added 2012/07/11 12:0 a.m.14 views

SA-CONTRIB-2012-113 - Drupal Commons - Access Bypass

Drupal Commons is a ready-to-use solution for building either internal or external communities. The Drupal Commons feature a central module in the distribution includes a listing of recent comments on discussions. This listing of comments is powered by a view that doesn't fully enforce node acces...

7AI score
Exploits0References9
Rows per page
Query Builder